CGIplus-enabled Run-time Environment Example -------------------------------------------- ***** FIRST, EVIDENCE OF PERSISTANCE ***** Usage Count: 2 ***** SECOND, THE CGI ENVIRONMENT AVAILABLE ***** WWW_AUTH_TYPE= WWW_CONTENT_LENGTH=0 WWW_CONTENT_TYPE=text/plain; charset=ISO-8859-1 WWW_CSP_NONCE=d0f468fb488e45a64a8b7b37fadb2ad WWW_DOCUMENT_ROOT= WWW_GATEWAY_INTERFACE=CGI/1.1 WWW_GATEWAY_EOF=$Z-F61E87ED2B46E1CA230410C3- WWW_GATEWAY_EOT=$D-4FDE532892699F093AB0CF36- WWW_GATEWAY_ESC=$E-C951AC3F08652174FD22ADE5- WWW_GATEWAY_MRS=4492 WWW_GATEWAY_QIO=30660 WWW_HTTP_ACCEPT=*/* WWW_HTTP_USER_AGENT=Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) WWW_HTTP_ACCEPT_ENCODING=gzip, br, zstd, deflate WWW_HTTP_HOST=vsmx86.vsm.com.au WWW_HTTP_VIA=1.1 squid-proxy-5b5d847c96-dchd6 (squid/6.13) WWW_HTTP_X_FORWARDED_FOR=10.1.240.213 WWW_HTTP_CACHE_CONTROL=max-age=0 WWW_HTTP_CONNECTION=keep-alive WWW_PATH_INFO=/just/a/bogus/path.txt WWW_PATH_ODS=5 WWW_PATH_TRANSLATED=WASD_ROOT:[just.a.bogus]path.txt WWW_QUERY_STRING=query=string WWW_REMOTE_ADDR=216.73.216.57 WWW_REMOTE_HOST=216.73.216.57 WWW_REMOTE_PORT=45458 WWW_REMOTE_USER= WWW_REQUEST_METHOD=GET WWW_REQUEST_PROTOCOL=HTTP/1.1 WWW_REQUEST_SCHEME=http: WWW_REQUEST_TIME_GMT=Thu, 16 Apr 2026 03:37:59 GMT WWW_REQUEST_TIME_LOCAL=Thu, 16 Apr 2026 13:07:59 WWW_REQUEST_URI=/rtbin/version.h/just/a/bogus/path.txt?query=string WWW_SCRIPT_FILENAME=WASD_ROOT:[src.httpd]version.h WWW_SCRIPT_NAME=/rtbin/version.h WWW_SCRIPT_RTE=cgi-bin:[000000]rte_example.exe WWW_SERVER_ADDR=119.252.17.11 WWW_SERVER_CHARSET=ISO-8859-1 WWW_SERVER_GMT=+09:30 WWW_SERVER_NAME=vsmx86.vsm.com.au WWW_SERVER_PROTOCOL=HTTP/1.1 WWW_SERVER_PORT=80 WWW_SERVER_SIGNATURE=
WASD/12.4.0 Server at vsmx86.vsm.com.au Port 80
WWW_SERVER_SOFTWARE=HTTPd-WASD/12.4.0 OpenVMS/X86 SSL WWW_UNIQUE_ID=c3d34da759442aa102d WWW_FORM_QUERY=string WWW_KEY_COUNT=0 ***** THIRD, AN "INTERPRETED" FILE (WWW_SCRIPT_NAME/WWW_SCRIPT_FILENAME) ***** [0001] /*****************************************************************************/ [0002] /* [0003] version.h [0004] [0005] [0006] VERSION HISTORY [0007] --------------- [0008] 31-DEC-2025 MGD v12.4.0, [0009] simplify request timer management [0010] remove 'state' maintenance in favour of 'event' model (again) [0011] TcpIpSetKeepAlive() keep-alive on sockets (default enabled) [0012] DclPrcUserName() implicitly and explicitly by ErrorNoticed() [0013] avoid potential AST delivery issue using SesolaAcmeShut() [0014] SSL_CTX_set_ecdh_auto() in lieu of SesolaTmpDHCallback() [0015] DclCgiScriptSysCommand() activation based on RTE file type [0016] SesolaAcmeAgentEnd() report SYNCH (success) rather than ABORT [0017] (failure) after SSL_do_handshake() as it seems to work [0018] avoid potential AST delivery issue using SesolaAcmeShut() [0019] BUILD_HTTPD.COM (used directly) eliminates "WASD_VMS_V7" [0020] with proxy gutted; it's all about tunnels and socks [0021] add NetRequest() $CONNECT and $REQUEST directives [0022] $DELPRC(0,0) replaced by $EXIT(SS$_OPRABORT) in concert [0023] with STARTUP_SERVER.COM for implementing /DO=EXIT [0024] bugfix; SesolaAcmeTls1() remove HttpdTimerSet() [0025] bugfix; HttpdSupervisor() was not calling ThrottleTimeout() [0026] bugfix; HttpdCheckPriv() pmptr from HttpdExpectedPriv() [0027] bugfix; NetUpdateProcessing() in RequestGet(), RequestEnd2() [0028] bugfix; confusion (compiler as well) between [0029] NetCurrentProcessing and NetCurrentProcessing[] resulted [0030] in poor (wrong!) current processing totals [0031] bugfix; a classic! TcpIpRcvBufLength, TcpIpSndBufLength, [0032] TcpIpMaxSegLength should be ints not words [0033] Uncovered by Richard Whalen PSC during X86 MultiNet devel [0034] bugfix; do not suppress output for HTTP/0.9 (especially HEAD) [0035] bugfix; GraphActivityReport() allow /max-requests [0036] bugfix; obscure CGI variable initialisation (X86?) [0037] 03-DEC-2024 MGD v12.3.0, [0038] /DO=AUTH=SKELKEY= extend skeleton-key functionality [0039] WATCH now can generate standlone report file [0040] WATCH can collect data in a "detached" mode [0041] WATCH can collect data after network "trigger" [0042] WATCH cipher octets only when [x]SSL is checked [0043] WATCH "rabbit hole" restriction removed with revised strategy [0044] /DO=ZERO=HTTP2 [0045] refine HTTP/2 flow control [0046] Http2FlowCheck() and WASD_HTTP2_FLOW_CHECK logical name [0047] [SRC.LIBZ] and WASD_LIBZ_SHR32 [0048] HttpdSystemInfo() SYI$_CPUID to get underlying x86-64 CPU [0049] refine/expand server process log reports [0050] RequestLogNBG() to access log NBG request [0051] TcpIpSocketMaxQio() remove TLS-specific ->TcpMaxQio [0052] SesolaNetIoPerMinute() allows socket read size to be set [0053] SesolaCme.c supports ALPN-TLS-01 (acme-tls/1) [0054] DclMemBuf.C as promised (in 2017)) counters moved to accounting [0055] proxy FTP obsolete [0056] bugfix; DclTaskRunDown() REQUEST_STATE_SHUTDOWN rare $FORCEX [0057] bugfix; DirFormatLayout() return SS$_RESULTOVF [0058] bugfix; FileNextBlocks() StrDscBegin() [0059] bugfix; DclScriptProcessCompletionAST() remove IO$_WRITEOF [0060] bugfix; RequestEnd2() some statistics [0061] bugfix; RequestDiscardBody() regression [0062] bugfix; LoggingDo() abs(rqptr->rqResponse.Duration64) [0063] bugfix; Sesola_netio_read_ex() ->TcpMaxQio to ->TcpMaxSeg [0064] subtly broke (very) large reads, back to v12.0.0 strategy [0065] bugfix; request I/O accounting with HTTP/2 [0066] bugfix; HpackHeadersFrame() >= CookieSize [0067] bugfix; allow service name devoid of alphabetics (e.g. 10-8.) [0068] bugfix; ProxyTunnelLogicalName() SYSNAM for PSL$C_EXEC [0069] bugfix; DECnetSupervisor() remove orphaned tasks [0070] 16-JAN-2024 MGD v12.2.0, [0071] OpenSSL 3.0.n now the baseline supported version [0072] Can still be built and run against OpenSSL 1.1.1 [0073] OpenSSL TLS 1.3 requires SSL_CTX_set_cipher_suites() [0074] OpenSSL v1.1.1 emulate v3.0.n OSSL_default_ciphersuites() [0075] and OSSL_default_cipher_list() [0076] GATEWAY_SYMBOLS standard CGI variable [0077] #WASD_CONFIG_GLOBAL [Accept] and [Reject] now accept file [0078] specifications allowing files of patterns to be loaded [0079] /DO=ACCEPT and /DO=REJECT allow reloading of above [0080] /DO=REJECT=PURGE[=] allows purging of $STATUS IPs [0081] NetReject..() module allows more sophisticated accept/reject [0082] allow CIDR n.n.n.n/n patterns [0083] allow IP range n.n.n.n-n.n.n.n patterns [0084] $DNS, $LOG, $NOTE, $OPCOM, $4/5nn with $400, $403 [0085] $4/5nn maps a specific HTTP status to rejected IPs [0086] [SSLcipherSuites] for TLSv1.3 [0087] [ServiceSSLcipherSuites] for TLSv1.3 [0088] [AuthParam] and AuthConfigParam() provides per-realm params [0089] FaolSAK() 'UQ' and 'XQ' unsigned and hexdeciaml quadwords [0090] SesolaCertVerifyCallback() and SesolaClientCert() use new [0091] algorithm for determining client certificate validity [0092] X509 Authorization parameters can now include [0093] [IG:] will ignore client cert verification [0094] error number returned during the verification process [0095] (see prologue to AuthConfigParam()) [0096] logical name WASD_WATCH_ONE_SHOT defines one-shot items [0097] ensure all WASD_ROOT:[] are WASD_: [0098] HttpdSysOutDaily() per-day progessive snapshot of server log [0099] Http2Supervisor() mitigate Rapid Reset CVE-2023-44487 [0100] DclTaskRecover() periodically recover scripting resources [0101] HTTP/2 refinements using https://github.com/summerwind/h2spec [0102] bugfix; DirFormatAcpInfoAst() 64 bit file size [0103] bugfix; FileAcpInfoAst() 64 bit file size [0104] bugfix; DavPropLive() 64 bit file size [0105] bugfix; SesolaWatchPeek() do NOT SSL_free()! [0106] bugfix; braindead SesolaServiceSameCA() [0107] bugfix; OdsDirect() [again!] [0108] if (odsptr->DirectWildcard[0] && [0109] !odsptr->DirectVersion0) [0110] status = RMS$_NMF; [0111] 08-JAN-2023 MGD v12.1.0, [0112] WASD_CONFIG_INLINE configuration file [0113] SESOLA123 and SESOLA321 to allow OpenSSL-3.0 and [0114] OpenSSL-1.1.1 to be built using the same object code [0115] SesolaServiceSameCA() mitigate OpenSSL-3.0 expense [0116] TcpIpSocketMaxQio() adjust send buffer 2x (unless explicit) [0117] TcpIpSocketSndBuf() and ..RcvBuf() selectively applied [0118] ResponseHeader() default "content-security-policy:" [0119] move onclick=s to addEventListener()s to support [0120] content-security-policy: 'strict-dynamic' [0121] NetListFor() include client IP port, rework truncation [0122] AdminMenu() [Request+] report [0123] NetWrite() drop any and all HTTP status 418 (e.g. DCL script) [0124] Sesola..() remove code support prior to OpenSSL 1.1.0 [0125] SysLogInit() and SysLogOpcom() and WASD_SYSLOG logical name [0126] OdsAccessCheck() and logical name WASD_ODS_ACCESS_CHECK [0127] metacon remote-addr: and remote-name: tests if DNS resolution [0128] succeeded (if equal then name equals address and failed) [0129] RequestDiscardBody() use ->rqBody.ContentCount64 [0130] DECnetEnd() "solution" to obscure corner-case behaviour [0131] [NoticeInvalid] global configuration [0132] /DO=NOTICE=INVALID= [0133] /DO=OPCOM="" [0134] pre-v10.0 file name munging via v10orPrev10() eliminated [0135] while every care has been exercised with null-terminated [0136] string overflow; strzcpy() and strzcat() now ubiquitous [0137] bugfix; PutDelete() missing OdsStructInit(&SearchOds,true); [0138] bugfix; NetAbortSocket() deliver any outstanding read and/or [0139] write ASTs (especially for HTTP/2 streams) [0140] bugfix; ProxyTunnelLogicalName(NULL) from HttpdTick() [0141] bugfix; HttpdSupervisor() HTTP/2 request timeout/no-progress [0142] bugfix; ProxyTunnelBegin() not ProxyTunnelRebuildRequest() [0143] PROXY_TUNNEL_HTTP and PROXY_TUNNEL_HTTPS should NetRead() [0144] bugfix; DECnetWriteRequestBody() tkptr->QueuedDECnetIO++; [0145] 05-OCT-2022 MGD v12.0.1, [0146] strsame() now implemented using str[n]casecmp() [0147] bugfix; OdsDirect() end of records (-1) in end file block [0148] bugfix; when using file cache magic buffers [0149] bugfix; AuthorizeRealm() greater-than not -or-equal-to [0150] ->LastAccessMinutesAgo > ->rqAuth.RevalidateTimeout [0151] 23-OCT-2021 MGD v12.0.0, [0152] So long, farewell, Auf Wiedersehen, goodnight (-VAX) [0153] (comprehensive move to native 64 bit data storage) [0154] continuing port to x86-64 (OpenVMS V9.1-A) [0155] verified builds against and operates with OpenSSL 3.0 [0156] (but not offically supported due to OpenSSL 3.0 issues) [0157] accomodate PIPE from WASD_ROOT:[SRC.UTILS]WASTEE.C [0158] TcpIpAlt..() experimental address/name lookup [0159] BSD 4.4 sockaddr.. IO$M_EXTEND to $QIO (per MB) [0160] proxy caching has been obsoleted [0161] proxy SOCKS5 connect support [0162] scripting process naming revised (perhaps even enhanced) [0163] agent scripting extended and formalised for v12... [0164] AGENT-BEGIN: and AGENT-END: callouts [0165] CGI: and DICT: callouts [0166] /DO=DCL=PROCTOR=APPLY [0167] /DO=DCL=PROCTOR=LOAD [0168] /DO=NET=LIST [0169] /DO=NET=PURGE=HTTP1 [0170] /DO=NET=PURGE=HTTP2 [0171] logging 'XX:blb' visual aid [0172] AdminPing() provides a baseline RTT for request processing [0173] SET proxy=rework= (replacement strings for response) [0174] SET response=var=asis (provide exact image of on-disk file) [0175] SET webdav=all (process all requests via WebDAV code) [0176] SET webdav=auth (authorise access using WebDAV SETings) [0177] metacon webdav:all (SETing of above) [0178] metacon webdav:auth (SETing of above) [0179] pass /whatever "200 $" executes CLI command [0180] !#-- and !#++ selectively disable/(re)enable WATCH reporting [0181] [ServiceConnect] respond to a connection on a port [0182] WATCH: proctored script by checking only [x]Script [0183] OdsFileAcpInfo() ATR$C_MODDATE (date-time *data* modified) [0184] supplements ATR$C_REVDATE (classic revision date-time) [0185] callout HTTP-STATUS: detect if a script has responded yet [0186] DavWebRequest() specifically handle WebDAV GET and HEAD [0187] DavMetaOds() ensure extended syntax only used ODS-5 volumes [0188] AuthAccessEnable() file access use (rqptr->WebDavRequest || [0189] rqptr->WhiffOfWebDav || rqptr->rqPathSet.WebDavAuth) [0190] AuthParseAuthorization() return AUTH_DENIED_BY_LOGIN [0191] if unknown scheme allowing 401 response rather than 403 [0192] FaoBigNumber() '&,' optionally numbers 'P', 'G', 'M', 'k' [0193] SesolaMkCertRetain() stores dynamic cert in process logical [0194] WatchData() and WatchDataDump() constrain length [0195] NetListFor() use of $BRKTHRU requires OPER privilege [0196] bugfix; Http2Supervisor() idle connection [0197] bugfix; SesolaNetIoRead() /bytes = value/ [0198] bugfix; FileBegin() ERROR_REPORTED() free file task [0199] bugfix; CliDemo and instance environment number (per KM) [0200] bugfix; CgiGenerateVariables() "AUTHAGENT hangs when called [0201] for a POST request" (per JPP) [0202] bugfix; DclCalloutDefault() CLIENT-READ: [0203] bugfix; AdminMenu() activity hours 672 [0204] bugfix; MapOdsAdsVmsToUrl() "if (SAME2(cptr,':['))" [0205] bugfix; OdsDirectSearch() appending the resultant file name [0206] to the pre-filled expanded name [0207] bugfix; DavMetaCreateDir() and DavMetaDeleteDir() [0208] allow for non-existant meta data files [0209] bugfix; DavMetaName() no meta directory [0210] bugfix; ErrorReportFooter() use request heap for signature [0211] 17-AUG-2020 MGD v11.5.1, [0212] Http2RequestData() reduce memory consumption [0213] HTTP2_DEFAULT_WINDOW_SIZE from 1048575 to 131070 [0214] if no service configured create http: and https: ex nihilo [0215] VmCheckPgFlLimit() and WASD_VM_PGFL_LIMIT logical name [0216] keep connect cert (->VerifyPeer) distinct from client cert [0217] bugfix; ProxyEnd() fix NetIoEnd() fix [0218] bugfix; OdsDirectSearch() if wildcard specification [0219] return RMS$_NMF, otherwise RMS$_FNF (seems so elementary) [0220] bugfix; Http2RequestCancel() cancel and abort [0221] bugfix; RequestEnd() redirection [0222] bugfix; SesolaALPNCallback() 'h2' global and service enabled [0223] bugfix; ControlDoHelp() remove non-existant DISCONNECT=.. [0224] bugfix; RequestExecutePostAuth1() INTERNAL_PASSWORD_CHANGE [0225] should call HtAdminBegin() not AdminBegin() [0226] bugfix; SesolaSNICallback() needs to propagate newly set [0227] context client verify parameters to SSL-specific [0228] bugfix; SesolaNetFree() ensure (sigh) X509_free() where [0229] ->ClientCertPtr associated with connection (i.e. HTTP/2) [0230] bugfix; RequestParseExecute() ensure PUT and DELETE have [0231] WebDAV header field(s) before considering WebDAV [0232] 22-JUL-2020 MGD v11.5.0, "Stay well..." [0233] static fallback cert replaced by dynamic SesolaMkCert() [0234] protocol "HTTP/2" also reported in standard log formats [0235] DavWebRequest() remove requirement for logical name [0236] WASD_HTTP2_WEBDAV after WebDAV over HTTP/2 tested [0237] NetIoQioMaxSeg() tune QIO to TCP MSS [0238] verified against VSI SSL111 product [0239] SET response=c sp= ("content-security-policy:") [0240] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [0241] SET response=cspro= ("..policy-report-only:") [0242] metacon alpn: (TLS application level protocol negotiation) [0243] metacon proctor: (obvious proctored script clause) [0244] DCL callout CSP: ("content-security-policy:") [0245] DCL callout CSPRO: ("..policy-report-only:") [0246] REGEX.C updated (ever-so-slightly) [0247] more proxy persistent connection (per JPP) [0248] RequestAbort() accomodates HttpdSupervisor() refinement [0249] and REQUEST_STATE_ABORT used throughout server [0250] Http2RequestData() delivers Http2RequestCancel() read AST [0251] NetTestSupevisor() and WASD_NET_TEST_BREAK logical name [0252] bugfix; ProxyEnd() free ioptr using NetIoEnd() [0253] bugfix; NetIoWriteStatus() and NetIoReadStatus() [0254] bugfix; RequestPersistentConnection() pipelined request [0255] bugfix; Http2RequestData() flow control [0256] bugfix; SesolaClientCertGet() SSL_VERIFY_POST_HANDSHAKE [0257] bugfix; httpd.c if (!CliDemo) HttpdGblSecInit(); [0258] bugfix; MetaConConditionalList() bu**ered [0259] bugfix; RequestProcessFields() DictLookup (.."accept"..) [0260] bugfix; SesolaCertExtension() BIO_NOCLOSE memory leak [0261] bugfix; CacheLoadEnd() free rqCache.ContentPtr on fail [0262] bugfix; DICT.C "tmptr && tmptr->clink.." [0263] bugfix; Http2Priority() exclusive bit [0264] bugfix; NetCreateService() only SesolaInitService() once [0265] bugfix; WatchDataDump() CHARS_PER_LINE calculation (sigh) [0266] bugfix; OdsDirectSearch() RMS$_FNF not RMS$_NMF (per JPP) [0267] bugfix; RequestShareBegin() if (!MATCH6 (cptr, "raw://")) [0268] bugfix; SesolaNetClientBegin() SESOLA_SINCE_110 [0269] BIO_set_data() before SSL_set_bio() (per JPP) [0270] bugfix; AdminParsePath() extraneous OdsParseRelease() [0271] bugfix; OdsDirectSearch() only if not already on the block [0272] boundary add one to get to next, otherwise already there! [0273] 20-JUL-2019 MGD v11.4.0, "One small step ..." [0274] 25th Anniversary Release (see 20-JUN-1994 below) [0275] adapt WatchSystemPlus() to allow use via CLI /SYSPLUS [0276] then dignified with a (sysPlus..()) module of its very own [0277] /OUTPUT= (in particular for /SYSPLUS) [0278] HttpdSupervisor() explicitly WatchEnd() [0279] Sesola_netio_read() and Sesola_netio_write() if connection [0280] broken (channel zero) return zero (SSL shutdown) [0281] SET response=200=203 for request tracking and log analysis [0282] ResponseHiss() response status changed from 403 to 203 [0283] status code 418 (teapot) forces connection drop [0284] allow a specified port when redirecting, i.e. http[s]//:nnn [0285] Sesola_netio_read_ast() 0 status TCP/IP Services? [0286] Sesola_netio_write_ast() 0 status TCP/IP Services? [0287] bugfix; SesolaClientCertGet() status 0 an issue [0288] bugfix; SesolaClientCertGet() if (value <= 0) break; [0289] bugfix; CgiOutput() Content-Length: strtoul() [0290] bugfix; SesolaClientCert() allow pattern per 25-AUG-2015 [0291] bugfix; SesolaCertExtension() storage reset [0292] bugfix; SesolaCertParseDn() regression (or whatever) [0293] bugfix; Http2NetQueueWrite() PEEK_8 at w2ptr->type [0294] bugfix; non-local without "Host:" use name not host:port [0295] bugfix; Http2RequestEnd() copy tally rx/tx to request [0296] bugfix; OdsDirectSearch() (uint)0xffff && rlen < 508) [0297] bugfix; AuthCompleted() and AuthNotComplete() to address [0298] AST delivery following request end and rundown [0299] bugfix; for bugfix StringSliceValue() kludge [0300] allow for DECnet connection string specified username [0301] bugfix; DavMetaDir() ACCVIO from !SAME2(mfdptr,'[.') [0302] 24-NOV-2018 MGD v11.3.0 [0303] verified against OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0304] TLSv1.3 operational [0305] verified against EXPAT v2.2.5 (for WebDAV purposes) [0306] (but reverted to v2.0.1 for final VAX WASD release) [0307] VM.C eliminate dynamic tuning of heap initial allocation [0308] and rework to allow detailed memory management statistics [0309] to be compiled into the runtime for development purposes [0310] ODS (FILES-11) directory parser [0311] WatchSystemPlus() et.al. for system troubleshooting [0312] RequestBegin() exit after consecutive SesolaNetBegin() fails [0313] DavWebRundown() explicitly abort WebDAV processing [0314] allow logical name content during one-to-one rule mapping [0315] refactor WatchWrite() using NetWriteBuffered() [0316] DclTaskRunDown() always use DclEmptySysOutput() [0317] [BufferQuotaDclOutput] BUFQUO value for SYS$OUTPUT mailbox [0318] refactor Http2RequestCancel() into Http2RequestCancelRead() [0319] and Http2RequestCancelWrite() [0320] ProxyRequestRebuild() proxy-authorization opaque: [0321] ProxyTunnelLogicalName() WASD_TUNNEL_SECONDS [0322] RequestGet() and ProxyTunnelNetReadAst() provide [0323] "X-Forwarded-For:" client host to proxied-to server [0324] /DO=REQUEST=RUNDOWN=.. [0325] /DO=ZERO=STATUS [0326] /DO=SSL=SERVICE=LOAD[=] no longer works [0327] SET response=var=crlf [0328] SET response=var=lf [0329] SET response=var=none [0330] bugfix; PutWriteFileOpen() override incompatible existing [0331] file characteristics by first erasing the file [0332] bugfix; seeming innumerable WebDAV fixes (some obvious, [0333] some obscure) many thanks to John Dite for his patience and [0334] persistence in finding and reporting anomalous behaviours [0335] (check the individual DAV...C modules for descriptions) [0336] bugfix; StringSliceValue() kludge for DECnet tasks [0337] bugfix; MetaConEvaluate() "webdav:MSagent" [0338] bugfix; DavWebMicrosoftDetect() before ->WebDavTaskPtr [0339] bugfix; X509_free() memory leak with ->ClientCertPtr [0340] bugfix; Http2NetIoWrite() blocking write data must be [0341] asynchronously persistent so employ internal buffer(s) [0342] bugfix; /DO=AUTH=SKELKEY=.. cluster wide (yet again :-) [0343] bugfix; SESOLA-OpenSSL memory leak at v11.0.0 [0344] bugfix; FileParseAst() regression with search list file [0345] bugfix; RequestRundown() allow for cache activity [0346] bugfix; WatchDataDump() CHARS_PER_LINE calculation [0347] bugfix; (longstanding) MapUrl__Map() multiple template [0348] wildcards when reverse mapping [0349] 01-MAR-2018 MGD v11.2.0 [0350] make WATCH item width flexible using initial value 6 digits [0351] with leading 3 digits HTTP/2 stream ID followed by 3 digits [0352] connection ID number and on overflow increment by 2 [0353] if |WASD_ENV| defined use that in absence of /ENV=.. [0354] Dav..() always DavWebEnd() not RequestEnd() [0355] WebDAV "authorisation" allowed to be EXTERNAL or OPAQUE [0356] RequestRundown() outstanding task sanity checks [0357] HttpdSupervisor() refactored timeout handling [0358] ProxyTunnelLogicalName() and WASD_TUNNEL to provide client [0359] host and port tunnel data available to the WASD system [0360] activated by SET..PROXY=FORWARDED=[FOR|ADDRESS] [0361] logging 'II' image information (file, version, link time) [0362] logging 'TI' request time in ISO 8601 extended format [0363] logging 'TS' (sortable) UTC request time ISO 8601 format [0364] logging 'TU' request time UTC (GMT) now synonym for 'TG' [0365] stamp (note) log events when common/combined with/without+ [0366] SET DIR=TITLE=[default|owner|remote||this=] [0367] /DO=HELP brief summary of command-line /DOs [0368] /DO=SSL=SERVICE=LOAD[= (re)load SSL context [0369] (/DO=SSL=CERT=LOAD is now implemented using this) [0370] /DO=STATUS report basic status of all instances [0371] /DO=STATUS=NOW instances immediately update status information [0372] /DO=STATUS=PURGE zero stale instance status information [0373] /DO=STATUS=RESET zero instance status information [0374] /NOTE= annotation to server process log [0375] refactor WatchEnd() (yet again) [0376] DclInit() do not adjust SYS$OUTPUT mailbox size when HTTP/2 [0377] is enabled, issue an informational as required [0378] DclMemBuf..() memory buffer script IPC (see DCLMEMBUF.C) [0379] callout BUFFER-BEGIN: [0380] callout BUFFER-END: [0381] callout BUFFER-WRITE: [0382] SesolaReport() allow reporting using an HTTP service [0383] CgiOutput() refine Content-Length: to report out-of-range [0384] CgiOutput() reject subsequent non-header [0385] WatchReport() move SSL item into Network group [0386] WatchShowCluster() and WatchShowSystem() VMS V6.2 obsolete [0387] bugfix; (longstanding) InstanceSocketForAdmin() sys$deq() [0388] bugfix; Http2..() window update and flow control management [0389] bugfix; logging 'BB' header length "lost" during HTTP/2 mods [0390] bugfix; nil content CGI responses not delivered [0391] bugfix; (long-standing) always use UpdEnd() not SysDclAst() [0392] bugfix; CgiGenerateVariables() [0393] |rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&| [0394] 09-AUG-2017 MGD v11.1.1 [0395] relax HTTP/2 "rabbit hole" to permit WATCHing except [0396] for items [x]HTTP/2, [x]SSL and [x]network [0397] /INSTANCE=CONFIG ensures config values used [0398] SesolaClientCertRenegotiate() allow for pre- and post- [0399] OpenSSL 1.1.0 due to MSIE11 (Edge) stalling on a read [0400] after renegotiation (pre reverts to v11.0 and earlier code) [0401] SesolaInitService() when SSL_CTX_set_tmp_dh_callback() is [0402] enabled (DH_PARAM_*.PEM files present) ensure flag [0403] SSL_OP_CIPHER_SERVER_PREFERENCE is implicitly set [0404] MapUrl_GuaranteeAccess() mapping as well as authorisation [0405] Authorize() move AuthorizeGuaranteeAccess() up-front to [0406] ensure access to guaranteed paths not only with failure [0407] StringSliceValue() allow quote-delim inside space-delimited [0408] bugfix; rationalise as OpenSSL_version[_num]() becomes [0409] confused catering for OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0410] bugfix; HttpdSupervisor() do RequestRundown() only the once [0411] bugfix; DclCalloutDefault() NOTICED: and OPCOM: responses [0412] bugfix; DclScriptProctor() request is not actually "!!*!" [0413] bugfix; HpackHeadersFrame() use ":authority" pseudo-header [0414] for "Host:" header according to RFC7540 8.1.2.3 [0415] bugfix; SesolaCertExtension() generate UPN independently [0416] for each of pre- and post- OpenSSL 1.1.n [0417] bugfix; SesolaClientCertConditional() 'IS' processing [0418] bugfix; SesolaClientCertRenegotiate() allow for low-level [0419] (i.e. SSL) I/O errors (e.g. link disconnection) [0420] bugfix; LoggingDo() 'SR' silliness from v11.0 rework [0421] bugfix; MapUrl_ExplainPathSet() response=header=add=.. [0422] bugfix; for HTTP/2 (sigh) we need NPH to generate a header [0423] bugfix; session ticket key refresh (must be one of those...) [0424] 04-MAY-2017 MGD v11.1.0, [0425] "Raw"Socket based on WebSocket infrastructure [0426] [DclScriptProctor] * general idle process(es) [0427] [ServiceRawSocket] enables a RawSocket [0428] [ServiceSSLcert] specification can contain wildcard(s) [0429] SET proxy=header=[=] [0430] logging 'CL' insert request content-length [0431] logging 'PL' insert PUT or POST body received count [0432] Sesola..() refinements for OpenSSL v1.1.1 and TLS 1.3 [0433] sesola.h |#include "openssl/rand.h"| to fix OpenSSL v1.1.0 [0434] static link error against rand_bytes() and rand_seed() [0435] SesolaNetThisIsSSL() allow redirection to include scheme [0436] /DO=SSL=CERT=LOAD ... basically for internal use only! [0437] (heads-up: planned Let's Encrypt CME utility :-) [0438] Graph..() activity graphic now implemented using HTML5 canvas [0439] ResponseHeader() ensure non-printables cannot be injected [0440] InstanceSessionTicketKey() rework multi-instance/cluster [0441] (sigh! yes again; the lack of a test cluster these days) [0442] DirDirectories() do not list "hidden" (^.the.DIR) directories [0443] bugfix; use rqHeader.RequestBody.. for body with header [0444] bugfix; DclScriptProctor() v11.0 request structure [0445] requires dictionary and netio structures [0446] bugfix; SesolaNetIoRead() SSL_read() in-progress [0447] bugfix; Http2RequestEnd() end-of-request (control) frame [0448] independent of request itself [0449] bugfix; Http2NetQueueWrite() and Http2NetWriteDataAst() [0450] blocking writes are not placed on the request's [0451] write list as they are transparent to the request [0452] bugfix; Http2NetQueueWrite() deliver via NetIoWriteStatus() [0453] using SS$_NORMAL (HTTP/2 I/O) not the request ->VmsStatus [0454] bugfix; SesolaControlReloadCA() do not proactively [0455] X509_STORE_free() (leaves a dangling pointer?) [0456] bugfix; SesolaSNICallback() port elimination [0457] bugfix; RequestExecutePostCache() keyword redirection count [0458] 25-AUG-2016 MGD v11.0.2, [0459] Http2RequestBegin() ensure stream ident not reused [0460] increase MAX_REQUEST_HEADER from 16384 to 32768 [0461] InstanceSessionTicketKey() rework multi-instance rotate [0462] CgiGenerateVariables() mitigate httpoxy vulnerability [0463] MsgConfigLoadCallback() make [ismap] optional [0464] ParseCommandInteger() accept just an integer [0465] CLI /INSTANCE= now sets global section |InstanceMax| [0466] to allow the created process to continue to exist and when [0467] used needs to be reset with the likes of /INSTANCE=1 [0468] minimum supported OpenSSL version is now v1.0.0 [0469] which precludes HP SSL V1.4 (at least) [0470] OpenSSL v1.1.0 required code changes including [0471] #if (OPENSSL_VERSION_NUMBER < 0x10100000L) in Sesola..() [0472] modules, and introducing a version dependent build [0473] SesolaClientCertRenegotiate() rework due to OpenSSL v1.1.0 [0474] ResponseHeader() ->rqCgi.ScriptControlHttpStatus will allow [0475] an error reporting script to override the original status [0476] CGI Script-Control: X-http-status= [0477] %SSL-x-STRICT (RFC6797) now described as %SSL-x-STRICT, HSTS [0478] bugfix; Http2RequestData() always deliver via NetIoReadAst() [0479] bugfix; HpackHeadersFrame() uncompressed header size [0480] bugfix; CgiGenerateVariables() names from dictionary [0481] bugfix; MetaConEvaluate() request: regression [0482] bugfix; RequestProcessFields() if-range: regression [0483] bugfix; MetaConEvaluate() client_connect_gt: regression [0484] bugfix; SesolaClientCert() move X509 RENEGOTIATE switch [0485] HTTP/2 to HTTP/1.1 after SSL_get_peer_certificate() [0486] 30-JUN-2016 MGD v11.0.1, [0487] meta config [[wasd*n.n.n]] server version conditional [0488] [SSLsessionLifetime] session ticket (or ID) lifetime [0489] [SSLverifyPeerDataMax] see documentation [0490] [ServiceSSLsessionLifetime] per-service equivalent [0491] [ServiceSSLverifyPeerDataMax] per-service equivalent [0492] [SSLsessionCacheMax] default (of zero) now disables [0493] in favour of the more efficient Session Ticket [0494] SesolaSessionTicket..() refresh and coordinate the [0495] TLS session ticket key cluster-wide using the DLM [0496] InstanceSupervisor() refresh session ticket key at midnight [0497] RequestGblSecUpdate() method and URI only printable chars [0498] ProxyTunnelRequestParse() append mapped path for logging [0499] DirFiles() and DavPropSearchAst() ignore ambiguous file [0500] names containing an escaped ("^.") period but no type [0501] ErrorRedirectQueryString() ERROR_URI variable [0502] bugfix; MapOdsUrlToOds5Vms() URLs will not contain [0503] '^'-escaped sequences so just '^'-escape them [0504] bugfix; SesolaClientCertRenegotiate() ensure request [0505] data cleared before renegotiate ([SSLverifyPeerDataMax]) [0506] bugfix; DclTaskRundown() cancel HTTP/2 client read [0507] bugfix; HttpdSupervisor() accumulate proxy accounting data [0508] bugfix; RequestEnd2() decrement processing rx or (SSH) method [0509] bugfix; RequestEnd2() read status OK -or- ENDOFFILE [0510] bugfix; HpackHeadersFrame() multiple to single cookie header [0511] bugfix; MetaConEvaluate() request-scheme: regression [0512] bugfix; NetWrite() response header write error handling [0513] bugfix; SesolaClientCert() just return status [0514] 07-MAY-2016 MGD v11.0.0, [0515] HTTP/2 (RFC7540, RFC7541) [0516] restructure network I/O abstractions (oh boy!) [0517] key-value dictionary (associative array) abstraction [0518] add "Refresh [integer] Seconds" to appropriate reports [0519] ProxyFtpListOutput() update in line with directory listing [0520] SET dict[=[=]] [0521] SET http2=protocol=1.1 [0522] SET http2=send=goaway[=] [0523] SET http2=send=ping [0524] SET http2=send=reset[=] [0525] SET http2=write=[low|normal|high] [0526] metacon dict:, http2: and request-protocol: [0527] [HTTP2..] global configuration [0528] [TimeoutHttp2Idle] [0529] logging 'DI' insert specified dictionary item value [0530] /DO=HTTP2=PURGE[=] [0531] ensure timed-out requests are logged as 408/500 [0532] excise much of the twenty years of reporting HTML cruft [0533] obsolete ismap.c, filedot.c, menu.c and track.c functionality [0534] 22-APR-2016 MGD v10.4.3 (unreleased), [0535] logging 'NP' insert notepad value [0536] logging 'XX' insert custom site/client-specific datum [0537] SET sslcgi=apache_mod_ssl_client [0538] SET sslcgi=apache_mod_ssl_extens [0539] LoggingDo() MAX_FAO_VECTOR from 64 to 128 [0540] SSL_CTX_set_ecdh_auto() set elliptic curves selection [0541] SesolaTmpDHCallback() improve DH*.PEM flexibility [0542] SesolaCertExtension() parse X509 extensions [0543] SesolaCertName() parse X509 distinguished name [0544] SesolaCgiVariablesExtension() document X509 extensions [0545] SesolaReport() list certificate extensions [0546] [ru:/CN=] allows multiple to be selected between [0547] (e.g. "[ru:/CN=user*]", "[ru:/CN=^^\[^/=\]*$]") [0548] SesolaCertParseDn() strncmp() not strsame() [0549] SesolaCertParseDn() select on pattern match [0550] StringMatchAndRegex() ensure |rqptr| not needed [0551] add limit to consecutive failures on persistent connection [0552] remove limit to consecutive requests on persistent connection [0553] TcpIpAddressToString() IPv4 in IPv6 as ::FFFF:n.n.n.n [0554] bugfix; ResponseHeader() for HEAD request transfer-encoding [0555] chunked suppress actual chunked body (RFC 7230 3.3) [0556] bugfix; SesolaInit() session cache max -1 disables cache [0557] bugfix; LoggingDo() elapsed time items [0558] bugfix; LoggingDo() 'CC' do not reuse pointers! [0559] bugfix; LoggingDo() 'VS' |->ServicePtr| dereference [0560] 15-AUG-2015 MGD v10.4.2, [0561] [ServiceStrictTransSec] (RFC6797) [0562] [SSLstrictTransSec] (RFC6797) [0563] SET response=sts= (Strict-Transport-Security:) [0564] ResponseHeader() Strict-Transport-Security: header [0565] add WATCH "!42*x" to beginning and ending of requests [0566] DavWebRequest() allow bodies with any and no Content-Type: [0567] then in DavWebRequest2() check for XML in the body content [0568] RequestRedirect() always use dynamic buffers [0569] when "remote-addr:" begins '?' translate host to IP address [0570] LoggingDo() add WASD_LOGS "convenience" logical name [0571] disable kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0572] as the issue seems to have been fixed in OpenSSL v1.0.2c [0573] logical name WASD_REDIRECT_WILDCARD must be defined [0574] to enable "DNS wildcard" proxy redirection [0575] bugfix; [Cli]ParseCommand() parenthesis parsing [0576] bugfix; Request..() rework pipelined request handling [0577] bugfix; move supervisor PID from InstanceNodeSupervisor() [0578] to InstanceNodeSupervisorAst() [0579] bugfix; DavWebDestination() URI and URL (Total Commander) [0580] bugfix; Error..() earlier and broader detection of WebDAV [0581] bugfix; DavDeleteParse() enable access around OdsParse() [0582] bugfix; DavMoveMeta() do not report RMS$_DNF [0583] bugfix; FaoSAK() sdptr = StrDscBuffer(StrDscPtr); [0584] bugfix; DavXmlStartElement() PROPFIND accumulate list of [0585] dead properties subsequently searched for in the metadata [0586] bugfix; MapUrl_ExplainPathSet() ->ResponseChunked [0587] bugfix; CONFIG_SERVER_LOGS logical names precede fixed locale [0588] 12-FEB-2015 MGD v10.4.1, [0589] ProxyResponseRebuild() and ProxyRequestRebuild() provide [0590] timeout=n parameter with Keep-Alive: header field (some [0591] origin servers hang when no parameters supplied, per JPP) [0592] SesolaInitOptions() expand options keywords to include [0593] most SSL_OP_.. flags using the OpenSSL flag #define as the [0594] keyword minus the "SSL_" (e.g. OP_CIPHER_SERVER_PREFERENCE) [0595] SesolaTmpRSACallback() and SesolaTmpDHCallback() [0596] support for ephemeral keys enabling "forward secrecy" [0597] SesolaInitService() and SesolaInitClientService() [0598] if cipher list begins '+', '-' or '!' append it to default [0599] increase MAX_REQUEST_HEADER from 8192 to 16384 [0600] (proxying requests from Firefox to IIS, per JPP) [0601] kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0602] bugfix; RequestEndEnd() use ZERO_DELTA_TIME macro [0603] bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP) [0604] bugfix; ConfigReportSecureSocket() FaoVector[32] [0605] 05-DEC-2014 MGD v10.4.0 [0606] CORS support [0607] /SSL=(TLSvALL,TLSv1.1,noTLSv1.1,TLSv1.2,noTLSv1.2) [0608] removed /SSL=(2|3|23) which must be altered to SSLv2, etc. [0609] NOTE: TLSv1, TLSv1.1, TLSv1.2 now ENABLED by default [0610] SSLv2 and SSLv3 are now DISABLED by default [0611] (as recommended post-POODLE) [0612] MapUrl_ClientAddress() allows for transparent upstream proxy [0613] ResponseStream() and request /stream/ [0614] AuthCacheNeedsReval() so multiple cache entries for the [0615] same credentials do not trigger multiple revalidations [0616] SsiEnd() detect and report non-SSI problem encountered [0617] access log buffer extended from [4096] to [16384] (UMA SAML) [0618] LoggingQuoted() explicitly encode some fields where a raw [0619] quotation mark (URI forbidden) can break a log entry [0620] HttpdExit() sanity check trace after %SYSTEM-F-ASTFLT [0621] stack corruption at (you guessed it) Uni Malaga resulted [0622] in the icb.libicb$v_bottom_of_stack never being set! [0623] tweaks to some accounting fields and values (for WASDmon) [0624] NetCreateService() check bind address string instead of [0625] address to allow binding primary to 0.0.0.0 (INADDR_ANY) [0626] directory default listing style now ed [0627] directory path SET ods=name=utf8 then response charset=utf-8 [0628] directory ?httpd=index&font=[inherit|monospace(D)] [0629] ?httpd=index&style=table[2] [0630] SET client=[forwarded|if=forwarded|literal=|reset| [0631] if=xforwardedfor|xforwardedfor] [0632] SET dir=font=[inherit|monospace(D)] [0633] dir=style=TABLE[2] (new default) [0634] SET cors=age= cors=cred=[true|false] [0635] cors=expose= cors=headers= [0636] cors=methods= cors=origin= [0637] SET ods=name=8bit, ods=name=utf8, ods=name=default [0638] SET webdav=[no]hidden [0639] webdav=meta=dir= [0640] [SecureSocket] and [SSL...] (overridden by /SSL=) [0641] [WebDAVmetaDir] sub or full directory for meta files [0642] WedDAV configurable metadata (sub)directory [0643] AuthAccessCheck() add explicit check against server [0644] account to improve reporting of underlying access [0645] User-defined logging directives 'CI', 'SR', 'SV' for [0646] SSL cipher, session reuse and version items [0647] COMMON+, COMMON_SERVER+, COMBINED+ composite log formats [0648] X-record0-mode[=0|1] and associated CGI null-record mode [0649] bugfix; and refine DirFormatSize() [0650] bugfix; SSLv23_method() appears to be a Swiss-army knife [0651] significant rework of SSL version configuration [0652] bugfix; TcpIpCacheAddressToName() memcpy null char [0653] bugfix; DavMetaOpenAst() retry after meta directory creation [0654] bugfix; DavPropEnd() ensure unused meta-data file deleted [0655] bugfix; MapOds5VmsToUrl() et.al. allow for ".][" [0656] bugfix; SAME3 0x00ffffff mask (not 0xffffff00) [0657] bugfix; DirFormatAcpInfoAst() ThisIsADirectory = false; [0658] bugfix; DavWebCreateDir() set SYSPRV access, propagate rest [0659] bugfix; PutWriteFileOpen() WebDAV should not use default [0660] protection mask and instead propagate from profile [0661] bugfix; FileParseAst() allow for non-dir .DIR files [0662] bugfix; RequestRedirect() allocate using (possibly expanded) [0663] header length (not fixed) when allocating POST buffer [0664] bugfix; PROXY.C no $QIO buffer should exceed 65535! [0665] 06-OCT-2013 MGD v10.3.0 [0666] TLS1 Server Name Indication (SNI) extension [0667] /SSL= parameter options rework (plus new mnemonic options) [0668] SesolaNetClientBegin() include SNI before connect [0669] PutWriteFileOpen() support FAB$C_STM and FAB$C_STMCR [0670] DclMailboxAcl() allow usernames without associated [0671] identifiers (i.e. shared UICs) by first trying with the [0672] username and on failure getting the UIC and using that [0673] FaoUrlEncodeTable tilde from "%7e" to "~" (cadaver issue) [0674] GzipInit() ZLIB shareable image via logical names [0675] WASD_LIBZ_SHR32, then GNV$LIBZSHR32, finally LIBZ_SHR32 [0676] PersonaAssume() wrap sys$persona_create() with SYSPRV [0677] after modifications to DclMailboxAcl() to allow usernames [0678] without associated identifiers (i.e. shared UICs) [0679] authorisation realm read-only group can be specified as "*" [0680] to represent that "everyone else" can read [0681] ProxyResponseRebuild() additional header length bumped [0682] from an ambit 256 to an ambit 1024 (Uni Malaga :-) [0683] OdsNamBlockAst() on non-ODS_EXTENDED platforms (i.e. VAX) [0684] tease-out system file name from Nam.nam$l_name and [0685] Nam.nam$l_type into odsptr->SysFileName buffer [0686] historically used by ODS-5 and munge for ODS-2 as well [0687] .WWW_WASD directory directive file [0688] sortable directory listing [0689] ?httpd=index&ilink=[yes|no] [0690] ?httpd=index&override=[yes|no] [0691] ?httpd=index&query= (.WWW_WASD specific) [0692] ?httpd=index&style= [0693] ?httpd=index&sort=[+|-] [0694] ?httpd=index&target= [0695] ?httpd=index&these=[,] [0696] ?httpd=index&versions=|* [0697] SET dir=delimit= [0698] SET dir=[no]ilink [0699] SET dir=style=sort (plus the dir=style=2) [0700] SET dir=sort=[+|-] [0701] SET dir=target= [0702] SET dir=these=[,] [0703] SET dir=versions=|* [0704] SET put=rfm=[STM|STMCR|UDF] added to FIX512,STMLF [0705] "upstream-addr:" conditional [0706] [AuthRevalidateLoginCookie] obsolete (in favour of ...) [0707] rqptr->AuthRevalidateCount to track empty authentication [0708] prompts preceding potential redundant revalidation prompt [0709] [PutBinaryRFM] add STM and STMCR [0710] [ServiceNonSSLRedirect] |[:] [0711] some refinements to Upd..() layout and functionality [0712] refine HTML and bring a little more up-to-date [0713] AUTH_MAX_USERNAME_LENGTH bumped from 47 to 64 for X509 [0714] FileAcpInfoAst() '$.' file extension kludge [0715] bugfix; AuthConfigLoadCallBack() additional [AuthProxy] [0716] with intervening rules should reset proxies [0717] bugfix; FileResponseHeader() "?httpd=content&type=" decoded [0718] bugfix; MapOds..() identify MFD using "000000]" and "000000." [0719] bugfix; AuthVmsGetUai() interaction of logon= parameters [0720] bugfix; UpdFileRename() ACCVIO with AuthAccessEnable() [0721] bugfix; RequestParseAndExecute2() remove reset of [0722] request persistent flag from OPTIONS and DELETE [0723] bugfix; SesolaInitService() (or refinement) [0724] SSL_CTX_set_session_id_context() against each service [0725] bugfix; DirFormatSize() bytes [0726] bugfix; OdsParseTerminate() on non-ODS_EXTENDED platforms [0727] (i.e. VAX) reset .nam$b_esl to changed expanded length [0728] or it can generate RMS$_ESL errors [0729] bugfix; DavPropSearchAst() on non-ODS_EXTENDED platforms [0730] (i.e. VAX) reset .nam$b_rsl to changed resultant length [0731] or it can generate RMS$_RSL errors [0732] bugfix; non-ODS_EXTENDED platforms (e.g. VAX) must [0733] OdsParse() NAM$M_NOCONCEAL before OdsSearchNoConceal() [0734] bugfix; MapUrl__Map() reverse mapping wildcard copy [0735] bugfix; CgiGenerateVariables() AUTH_GROUP write/read status [0736] bugfix; AuthClientHostGroup() wildcard match result reversed [0737] bugfix; ProxyResponseRebuild() call ProxyRebuildLocation() [0738] can return a pointer to the original location! [0739] bugfix; SesolaInit() translate WASD_SSL_CIPHER logical name [0740] 09-NOV-2012 MGD v10.2.0, [0741] TOKEN authorisation [0742] request header DNT (do not track) [0743] set ProxyReadBufferSize to 64k (per JPP) [0744] allow (proxy) ResponseBufferSize to be >= 64k (per JPP) [0745] HttpdSystemInfo() $GETSYIW() CsidVersion treat status [0746] SS$_UNREACHABLE as non-fatal and fallback to 16 byte LVB [0747] DIGEST.C numerious tweaks up to RFC2069 [0748] [AuthTokenEntriesMax] for token authorisation [0749] bugfix; HTAdminModifyUser() use database name for digest [0750] bugfix; AuthorizeResponse() digest scheme [0751] bugfix; AuthVmsGetUai() logon= fall through [0752] bugfix; DclSysOutputAst() WebSocket wrt agent [0753] bugfix; WebSockEnd() do not NetCloseSocket() [0754] bugfix; (at least improve) caching of group write/read [0755] bugfix; SesolaParseCertDn() return NULL if record not found [0756] bugfix; AuthorizeGroupWrite() with cached entries! [0757] bugfix; AuthReadSimpleList() parameter /DIRECTORY= processing [0758] 28-APR-2012 MGD v10.1.1, [0759] RequestGet() no longer report 408 for unused connections [0760] RequestEndEnd() likewise ignore unused connections (Chrome) [0761] MetaConLoad() compress non-signficant white-space [0762] proxy WebSocket upgrade requests as raw tunnels (kludge) [0763] DclRestartScript() refine WebSocket handling [0764] DirFormatSize() now uses quadword [0765] DirFormatSize() adjusts units to fit size width [0766] MATCH0..8() macro to improve efficiency over memcmp() [0767] SAME1..4() macro to abstract the *(USHORTPTR)s, etc. [0768] bugfix; RequestBegin() remove RequestEnd() following failed [0769] SesolaNetBegin() resulted in redundant request rundown [0770] bugfix; SesolaNetAccept() initialise value=0 [0771] bugfix; SesolaNetRead() SSL state not SSL_ST_OK [0772] bugfix; SesolaNetWrite() SSL state not SSL_ST_OK [0773] bugfix; DavWebMicrosoftMunge2() token reprocessing [0774] bugfix; FileAcpInfoAst() SS$_BADPARAM >2GB <4GB (per JPP) [0775] bugfix; WebSockCloseMailboxes() logic [0776] bugfix; DclScriptProcessCompletionAST() don't WebSockClose() [0777] any WebSocket request currrently associated with the task [0778] bugfix; RequestEndEnd() '->WebSocketCount' already locked [0779] 06-NOV-2011 MGD v10.1.0, [0780] dragged kicking and screaming to VMS V7.0 base build [0781] Web Socket (HTML5) support [0782] Secure Sockets default to SSL v3 and TLS v1 (no more SSL v2) [0783] SET cache=[no]cookie [0784] SET map=uri [0785] SET proxy=chain=cred= [0786] SET proxy=tunnel=request= [0787] SET regex= [0788] SET response=HTTP=original [0789] SET service= [0790] SET notimeout (short-hand for timeout=none,none,none) [0791] SET websocket= [0792] "origin:" conditional [0793] "request-peek:" conditional [0794] "upgrade:" conditional [0795] "websocket:" conditional [0796] [DclScriptProctor] (pro-)activate script/environments [0797] [RegEx] enabled/disabled/ [0798] [ServiceProxyChainCred] down-stream proxy credentials [0799] [WwwImplied] "www." is implied even with virtual services [0800] ("Host:") not beginning with it (ServiceFindVirtual()) [0801] callout LIFETIME: can accept [0802] callout SCRIPT-CONTROL:string (see DCL.C) [0803] logging 'PP' outgoing proxy connection local port [0804] /DO=ALIGN=.. to allow collection and analysis of Alpha and [0805] Itanium alignment fault data using HttpdAlignFault() et.al. [0806] /DO=NET=PURGE[=..] expanded capability [0807] /DO=WEBSOCKET=DISCONNECT[=..] to disconnect WebSockets [0808] /PRIORITY= limit increased from 6 to 15 [0809] SesolaInit() default is SSLv2 off and SSLv3/TLSv1 on [0810] AuthAgentCallout() callout BODY implemented (for PAPI) [0811] MapOdsUrlTo..() consecutive '/' into a single a la Unix [0812] ServiceReportNow() service synopsis [0813] ProxyTunnelChainConnect() chain proxy authorization [0814] ProxyRequestRebuild() chain proxy authorization (BASIC only) [0815] ServiceReportNow() add summary to service report [0816] configuration lines beginning "!#" now allow WATCHable [0817] during mapping and authorisation processing [0818] reworked query string handling based on length [0819] ServiceEntityMatch() processes in-match and if-not-match [0820] CacheSearch() implement request cache control [0821] CacheLoadResponse() checks response header for [0822] "Cache-Control:" directives and adjusts accordingly [0823] CacheLoadEnd() buffer all content-type data [0824] (previous behaviour truncated at ';' or white-space) [0825] MetaConLoad() ensure metacon "lines" are quadword aligned [0826] __unaligned directive added to pointer macros in a [0827] (successful) effort to avoid alignment faults [0828] VM_OFFSET now 8 (quadword alignment) instead of 4 [0829] bugfix; OdsFileExists() parse NAM$M_NOCONCEAL in case of [0830] multi-valued, concealed logical devices and then convert [0831] returned status DNF into the functional equivalent FNF [0832] bugfix; directory listing OdsSearchNoConceal() to [0833] process concealed, multi-value logical device names [0834] bugfix; RequestRedirect() only concat '&' if including query [0835] bugfix; set rule 'CacheSetting' boolean with any CACHE=.. [0836] 02-OCT-2010 MGD v10.0.3, [0837] command-line checks of configuration files [0838] /DO=AUTH=CHECK /DO=CONFIG=CHECK (all configuration files) [0839] /DO=GLOBAL=CHECK /DO=MAP=CHECK /DO=MSG=CHECK [0840] /DO=SERVICE=CHECK [0841] TcpIp6..() functions to resolve IPv6 AAAA records [0842] ProxyRequestParse() improve IPv6 host parsing [0843] bugfix; regression at 10.0.1 with proxy authorization [0844] bugfix; SSL_set_info_callback() not SSL_CTX_set..() [0845] 01-JUL-2010 MGD v10.0.2, [0846] metacon "file:" and "directory:" to probe file-system [0847] SET script=lifetime= [0848] SET put=max= per-path equivalent of [PutMaxKbytes] [0849] SET put=max=* for (effectively) unlimited upload [0850] BODY.C significant rework to function()alise common code [0851] BODY.C improve performance with multiblock of 127 (per JPP) [0852] BODY.C make MultipartContentType(Ptr) a dynamic structure [0853] as Microsoft endeavour to include application data [0854] along with MIME content-type, see ... [0855] http://msdn.microsoft.com/en-us/library/aa338205.aspx [0856] and an example (no kidding!) ... [0857] "application/vnd.ms.powerpoint.template.macroEnabled.12application/x-font" [0858] FileNextBlocks() change QIO file size from long to quad [0859] to cater for files greater than 4GB (4GB+ is limited to [0860] file serving only, no ranges, etc.) [0861] RequestExecutePostCache() UTF-8 decode WebDAV objects [0862] RequestRedirect() support WebDAV "Destination:" field (JPP) [0863] DclAllocateTask() default unconfigured CGIplus lifetime [0864] SsiDoSet() and SsiGetTagValue() allow '$' in variable names [0865] Mapurl_ControlReload() rather than Mapurl_Load() [0866] bugfix; MapUrl_ControlReload() [0867] bugfix; DclUpdateScriptNameCache() run-time pointer [0868] bugfix; OdsNamBlockAst() odsptr->NamFileSysNamePtr [0869] always set to odsptr->SysFileName in case RMS$_FNF, etc. [0870] bugfix; RequestGet() MAX_REQUEST_HEADER (per JPP) [0871] bugfix; allow METACON_TOKEN_INCLUDE for [IncludeFile] [0872] bugfix; MetaConEvaluate() when JustChecking: HTTP header [0873] fields (e.g. "cookie:") [0874] bugfix; DavMetaReadName() and DavMetaWriteName() [0875] allow for typeless file names (e.g. ]AFILE.;) [0876] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0877] $ERASE() if not WebDAV request (access and ownership) (JPP) [0878] bugfix; DavWebSlashlessMunge() enable SYSPRV while [0879] calling OdsFileExists() (per JPP) [0880] bugfix; do not use REDIRECT for WebDAV request error report [0881] bugfix; no new token when refreshing existing lock (per JPP) [0882] bugfix; FileNextBlocks() signed/unsigned comparison [0883] when calculating buffer size on files larger than 2^31 [0884] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms() [0885] include '|' and '%' as ODS-5 escaped characters [0886] bugfix; DirAuthorizationAst() only check access on [0887] non-empty expanded file names [0888] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0889] $CREATE() if not WebDAV request (for access and ownership) [0890] bugfix; FileNextBlocks() signed/unsigned comparison [0891] when calculating buffer size on files larger than 2^31 [0892] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms() [0893] include '|' as an ODS-5 escaped character [0894] bugfix; DirAuthorizationAst() only check access on [0895] non-empty expanded file names [0896] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0897] $CREATE() if not WebDAV request (for access and ownership) [0898] bugfix; DirBegin() "httpd=index&" detection (since v9.3.0) [0899] bugfix; DirEnd() suppress unless RequestEnd() AST [0900] bugfix; SsiDoDcl() report cgi=/script= query string as error [0901] bugfix; UpdBegin() [goto] processing [0902] 01-MAR-2010 MGD v10.0.1, [0903] ProxyFtpListProcessUnix() names with white-space (per JPP) [0904] ProxyResponseRebuild() !"accept-encoding" (per JPP) [0905] make proxy requests subject to throttle (per JPP) [0906] MapUrl__Map() increase some buffer sizes (per JPP) [0907] RequestRedirect() add return length (overflow) check [0908] log format 'HO' request "Host:" field [0909] log format 'RH' any request header (e.g. "RH:cache-control:") [0910] log format 'VS' request virtual service [0911] According to http://www.ietf.org/rfc/rfc2145.txt a server [0912] should respond with the minor HTTP version reflecting its [0913] own compliance rather than the client's provided the [0914] response itself is compliant with the client minor version [0915] (i.e. HTTP/1.0 requests should get HTTP/1.1 in the response [0916] status line - and now implemented by ResponseHeader()) [0917] bugfix; LoggingDo() sys$flush(&RAB) not (&FAB) [0918] bugfix; LoggingDo() initialise (zero) &DummyRequest [0919] bugfix; ProxyMaintInit() use v10orPrev10() for scan (per JPP) [0920] bugfix; ProxyTunnelReadAst() data count tx (per JPP) [0921] bugfix; ConfigAcceptClientHostName() reject [0922] 29-NOV-2009 MGD v10.0.0, [0923] WebDAV 1,2 [0924] AuthAcmeVerifyUser() requires SECURITY privilege to [0925] allow ACME$M_NOAUTHORIZATION for authentication-only [0926] when using WASD_NIL_ACCESS identifier [0927] AuthAcmeVerifyUser() and AuthVmsGetUai() can now use [0928] [AuthSYSUAFlogonType] and/or an optional authorization rule [0929] parameter 'param="logon=.."' to specify the login type [0930] (default is still NETWORK) [0931] AuthRestrictAny() uses a single set of access restrictions [0932] ACME DOI name of '*' indicates use the default of [0933] ACME$LATEST_ENABLED_AGENT_LIST rather than specified DOI [0934] (authentication realm set to the DOI authentication realm) [0935] allow for []-delimited IPv6 addresses as service names [0936] concurrently support v10 and pre-v10 logical names [0937] (use WASD_.. rather than HTTPD$.. and HT_.. logical names) [0938] move WASD process naming schema from "HTTPd:" to "WASD:" [0939] (implies the automatic creation of new rights identifiers) [0940] use STR_DSC and associated StrDsc..() functions [0941] to refine and simplify formatted and buffered output [0942] OdsNameOfDirectoryFile() no longer mandatory that a [0943] directory file actually exists to generate the name [0944] MapUrl_Map()/__Map() now have a REQUEST_PATHSET parameter [0945] (to better decouple file-system mapping and path SETing) [0946] refine loading and mapping of path SETings [0947] add HTTP status filter to WATCH [0948] DclSysOutputAst() if WATCHing DCL and non-CGI-compliant [0949] response continue to end-of-script bit-bucketing output [0950] (DECNET.C code already provides this behaviour) [0951] User-defined log format now includes 'CP' client port [0952] RequestRedirect() allow a redirect to include its own query [0953] string and then concatenate any request query with '&'.. [0954] CgiVariable() optimise single-quotation escaping (JPP) [0955] GzipShouldDeflate() do not compress Shockwave Flash [0956] increase minimum size before compression to 1400 bytes [0957] HttpdExit() add explicit traceback for AXP and IA64 (per JPP) [0958] WATCH script item [0959] (interesting and useful suggestion from Jean-Pierre Petit) [0960] callout WATCH:string (see DCL.C) [0961] CGI variable WATCH_SCRIPT indicates when script WATCHing [0962] SET css= [0963] SET put=max= [0964] SET put=rfm=[FIX512|STMLF] [0965] SET script=agent=as= [0966] SET webdav=... (multiple WebDAV related settings) [0967] [AuthSYSUAFlogonType] specifies NETWORK, DIALUP, etc. [0968] [BufferSizeNetFile] global configuration directive [0969] [BufferSizeNetMTU] global configuration directive [0970] [HttpTrace] global configuration directive [0971] [PutBinaryRFM] global configuration directive [0972] [ServiceLogFormat] a per-service user-defined log format [0973] [ServiceShareSSH] share with (allow proxy to) SSH [0974] [WebDAV...] global configuration directives [0975] "webdav:" conditional [0976] logical name WASD_NO_SYSUAF_ACME disables SYSUAF via ACME [0977] logical name WASD_NO_ACME disables ACME altogether [0978] can't believe it but some PHP script paths are [0979] exceeding a SCRIPT_NAME_SIZE of 128 - bump to 256! [0980] ServiceConfigAdd() use INADDR_ANY if host name lookup fails [0981] NetCreateService() use primary if service IP addr reset [0982] activity report has some major changes (see version log) [0983] AuthorizeResponse() allow agent reason for 403 [0984] bugfix; NetWriteStrDsc() flush all full descriptors [0985] bugfix; NetWriteGzip() ensure buffer size <= 65535 [0986] bugfix; MapUrl__Map() to URL use request ODS not path ODS [0987] bugfix; ServiceConfigFromString() create and use [0988] temporary service structure when generating report [0989] bugfix; FileAcpInfoAst() and CacheAcpInfoAst() [0990] byte-range limit negative offset [0991] bugfix; OdsNamBlockAst() deliver AST with 'AstParam' [0992] (requiring parameter changes to *lots* of AST functions [0993] called by use of OdsParse() and OdsSearch() - bugga!) [0994] bugfix; AuthVmsChangePassword() ensure that [0995] rqAuth.SysUafDataPtr is populated [0996] bugfix; MapUrl__Map() proxy 'fall-thru' [0997] bugfix; ProxyResponseRebuild() proxy->client compression [0998] chunk only for HTTP/1.1 responses and connection [0999] persistence header fields reflect non-chunked GZIP stream [1000] bugfix; HttpdSupervisor() no-progress use ->BytesRaw.. [1001] bugfix; ErrorNoticed() use of 'rqptr' (from 16-NOV-2007) [1002] bugfix; NetRead() redact into DataPtr *not* into [1003] rqNet.ReadBufferPtr (which works until subsequent read :-) [1004] bugfix; DclUpdateScriptNameCache() undo bug from fix of [1005] non-existant problem from 12-APR-2008 (talk about it!) [1006] bugfix; DclUpdateScriptNameCache() copy determined [1007] script invocation method ("@","$","=", etc.) into cache [1008] 15-MAR-2008 MGD v9.3.0, [1009] RequestReport() per-current, per-connection, [1010] per-throttle and per-history [1011] CgiGenerateVariables() suppress SCRIPT_NAME if it is an [1012] empty script name ("/") [1013] RequestGblSecUpdate() include remote user and realm in [1014] request monitor data [1015] callout REDACT: and REDACT-SIZE: [1016] support for request redaction (see DCL.C) [1017] NetRead(), RequestRedact(), RequestEnd() redact support [1018] callout NOTICED: (and auth agent NOTICED) [1019] callout OPCOM: (and auth agent OPCOM) [1020] auth agent callout SCRIPT-META [1021] DirBegin() only use query string if it begins "httpd=index&" [1022] RequestExecutePostCache() check again for RequestHomePage() [1023] before final RequestFile() [1024] [ServiceProxyAuth] CHAIN [1025] AUTH_PATH variable for authentication agents [1026] AuthConfigLoadCallBack() do not lower-case path [1027] ProxyRequestRebuild() allow "Proxy-Authorization:" header [1028] only if configured for CHAIN proxy authentication [1029] [SocketSizeRcvBuf] and [SocketSizeSndBuf] [1030] HTADMIN and AUTHHTA modules allow for CONNECT method [1031] ProxyTunnel..() provide for SSL client connections [1032] Server Activity graphing slash-delimitted 'max-requests' [1033] that scales the Y axis allowing finer detail display [1034] authorization realm agent can now be '=agent+opaque' [1035] to suppress the automatic username/password challenge [1036] accounting per-request GZIP compress percentage [1037] RequestRedirect() include response cookie(s) [1038] force ACME on VMS V7.3 and later [1039] [AuthSYSUAFuseACME] obsolete [1040] bugfix; GraphActivityPlotBegin() X axis scaling for [1041] non-integral factors [1042] bugfix; GraphActivityReport() uninitialised 'cptr' before [1043] use in processing '"form"-based query string' [1044] bugfix; AdminMenu() JavaScript doIt() call [1045] bugfix; RequestGet() buggy browser kludge (per JPP) [1046] bugfix; CONNECT proxy authorization [1047] bugfix; AuthCacheGblSecInit() (per JPP) [1048] bugfix; ProxyVerifyGblSecInit() (per JPP) [1049] bugfix; SesolaCacheGblSecInit() (per JPP) [1050] 19-MAY-2007 MGD v9.2.1, [1051] RequestGet() now handles extraneous which [1052] buggy browsers can incorrectly insert after the body [1053] of a valid request (See RFC 2616 section 4.1) [1054] ProxyRequestBegin() restrict HTTP methods for FTP scheme [1055] ProxyFtpLifeCycle() process HEAD as for GET [1056] ProxyResponseRebuild() make request HTTP version a [1057] consideration before chunking proxy->client (with JPP) [1058] RequestExecutePostAuth1() kludge to allow 'implied' scripts [1059] CgiGenerateVariables() provide TRACK_ID if present (for JPP) [1060] bugfix; DclBegin() agent runs under default account [1061] bugfix; MapUrl_Map() auth agent modifying path SETings [1062] bugfix; DirFormatAcpInfoAst() 'S' (size) processing for [1063] block totals at the end of a listing [1064] bugfix; agent mappings using VMS-USER: not being cached [1065] bugfix; GzipDeflateCache() allow for cached CGI header [1066] bugfix; CacheNext() don't adjust GZIP content for CGI header [1067] bugfix; ConfigLoadCallback() post-process sanity checking [1068] for 'NetConcurrentMax' and 'NetConcurrentProcessMax' [1069] bugfix; BodyReadBegin() 413 set status before declaring AST [1070] bugfix; ProxyRequestRebuild() proxy verify [1071] "Authorization:" request header field carriage-control [1072] bugfix; ProxyNetConnectPersist() rejects all further [1073] requests once ProxyConnectPersistMax has been hit [1074] 04-NOV-2006 MGD v9.2.0, [1075] significantly enhance WATCH filtering [1076] added REG_NEWLINE to REGEX_C_FLAGS so that anchors match [1077] newlines in strings to support 'Request' filter in WATCH [1078] access logging now supports an HOURLY period [1079] remove file name length constraint for access logs created [1080] on an ODS-5 volume (allows full host name components, etc.) [1081] ProxyTunnelChainConnect() and ProxyTunnelChainConnectAst() [1082] to implement raw tunnelling through an intermediate proxy [1083] maintenance; there seem to have been some changes in the [1084] underlying TCP/IP Services handling of shared sockets [1085] so NetAcceptAst() set socket share on client and ... [1086] NetClientSocketCcl() to control BG device carriage-control [1087] (to parallel the APACHE$SET_CCL.EXE functionality) [1088] DclCalloutDefault() add GATEWAY-CCL: callout to allow [1089] BG device carriage-control from running script [1090] RequestHttpStatusCode() provides more fine-grained HTTP [1091] response status code accounting (mainly for WOTSUP) [1092] DirFormat() and DirFormatSize() allow in-line layouts to [1093] specify size with VMS format listings, as well as [1094] adding size specification of 'V' (VMS-ish, in blocks) [1095] use PercentOf() and QuadPercentOf() for more accurate and [1096] more consistent percentages [1097] AdminMenu() status panel (time, connect, request) mods [1098] AdminMenu() instance [active][standby] functionality [1099] (service item) network connection [Purge][All] [1100] activity graph; add request peak data [1101] ('network connections' has been masquerading as this) [1102] (also see 'CRAZY' note in GraphActivityReport()) [1103] for authorization add '+=' to realm default syntax for [1104] realm default to be concatenated to any path access [1105] /DO=INSTANCE=ACTIVE|STANDBY [1106] /DO=NET=PURGE[=ALL]|SUSPEND[=NOW]|RESUME [1107] NetPassive() and NetActive() to allow non-supervisor [1108] instances to be made quiescent [1109] NetSuspend() and NetResume() to allow halt and resume [1110] request processing [1111] NetPurge() to remove network connections [1112] increase AUTH_MAX_PATH_PARAM_LENGTH from 127 to 255 [1113] (initially prompted by development of AUTHAGENT_LDAP) [1114] add 'ConnectSuspend', 'InstancePassive', 'LastExitTime64', [1115] 'LastExitPid' and 'ResponseStatusCodeCount[]' to global [1116] section [1117] bugfix; LoggingDo() changes for daily period test [1118] to support hourly logging (thanks again JPP) [1119] bugfix; SsiEnd() propagate included document user variables [1120] back into parent document to ensure they remain *global* [1121] bugfix; GzipShouldDefault() uninitialized 'cptr' when no [1122] content-type would cause WatchThis() "!AZ" to barf if [1123] 'cptr' was non-NULL but pointed into an invalid page [1124] bugfix; NetAcceptProcess() and NetDirectResponse() [1125] should issue 503 for 'too busy', not 502 [1126] bugfix; StringMatchAndRegex() regular expression [1127] 'MatchType' detection prior to pre-match [1128] bugfix; ThrottleReport() column alignment of 'busy' and [1129] 'total' percentages in second row of per-path statistics [1130] bugfix; NetAccept(), NetAcceptAst(), NetAcceptProcess() [1131] nasty problem where multihomed servers 'svptr' confusion [1132] (due to the multihome pointer manipulation) could result [1133] in an attempted re-queue of an accept on a service that [1134] did not correspond to the original accept AST delivery [1135] with the result that no accept ended up being queued [1136] bugfix; ResponseHeader() and NetWrite() accomodate 304 [1137] bugfix; RequestGet() timestamp the event immediately [1138] bugfix; AuthConfigLine() propagate 'RealmCanString' by [1139] making it static storage (doh) [1140] bugfix; MenuFileDescription() status from OdsParse() [1141] bugfix; StmLfLog() -E- to -I- for non-status-value call [1142] 11-MAY-2006 MGD v9.1.4, [1143] 'Proxy affinity' courtesy of Jean-Pierre Petit (esme.fr) [1144] (see PROXY.C for an explanation of what all this means) [1145] enabled per-service using [ServiceProxyAffinity] or [1146] per-path using SET PROXY=[NO]AFFINITY [1147] SesolaCacheInit(), in conjunction with AuthConfigInit() [1148] noting the presence of any X509 realm, automatically [1149] adjusts multi-instance, SSL session cache record size [1150] to accomodate potential client certificate [1151] SesolaInit() added ICACHE=SIZE= and SSL=ICACHE=RECORD= to [1152] allow manual configuration of instance SSL session cache [1153] RequestRedirect() "//:port/path" (i.e. begins with "//:") [1154] allows a redirect to a different port on the same host [1155] increase MapUrl__Map() WildBuffer[] storage to 4096 [1156] increase HOST_STORAGE from 236 to 1004 as an interim [1157] workaround for SS$_ENDOFFILE when storage insufficient [1158] (jpp@esme.fr) - why doesn't it return SS$_RESULTOVF?!! [1159] SesolaCacheInit() if boolean 'AuthRealmX509' indicates X509 [1160] realm is in use then use a larger session cache record [1161] potential bugfix; CgiOutput() CGI_OUTPUT_MODE_CRLF output [1162] count should be checked for zero before negative index [1163] potential bugfix; when URL-encoded decoding use unsigned [1164] char to prevent sign bit issues with the likes of %FC [1165] bugfix; non-SSL SesolaCacheInit() should return not bugcheck! [1166] bugfix; SSL_shutdown() problem reported by JPP [1167] introduce SesolaNetReadAst() and SesolaNetWriteAst() [1168] to defer reset of AST function address used to indicate [1169] AST-in-progress in other parts of the code [1170] bugfix; CgiOutput() empty 'record' in stream mode should be [1171] ignored and not have carriage-control adjusted (JFP) [1172] bugfix; 'RQ' include method (equivalent of Apache "%r") [1173] bugfix; 'EM', 'ES' and 'UE' arithmetic ('doh'!?) [1174] bugfix; DECnetWriteRequestBody() suppress empty record on [1175] end-of-body for OSU (call DECnetWriteRequestBodyAst()) [1176] to prevent it interfering with functionality [1177] bugfix; HttpdTimerSet() TIMER_PERSISTENT (jpp@esme.fr) [1178] bugfix; RequestFields() allow for header lines with no [1179] white-space between field name and value (jpp@esme.fr) [1180] 24-NOV-2005 MGD v9.1.3, [1181] authorization OPAQUE realm to allow a script to completely [1182] generate it's own authentication challenge and processing [1183] bugfix; MapUrl__Map() SCRIPT result copy not checking [1184] for null resulting in occasional overflow error status [1185] bugfix; FileNextBlocks() ensure VARiable record format [1186] files have records read on word (even byte) boundaries [1187] bugfix; AuthConfigProxyMap() set cache record SYSUAF [1188] authentication boolean in tandem with request boolean [1189] bugfix; DclSysCommandAst() allow for the queued [1190] post-CGIplus script STOP/ID=0 and EOF [1191] bugfix; copy sentinals into request storage to prevent [1192] them (potentially) being overwritten by an early call [1193] to DclScriptProcessCompletionAST() [1194] bugfix; ResponseHeader() ensure a charset= supplied with [1195] a text content-type (e.g. from a CGI script) is used [1196] 15-SEP-2005 MGD v9.1.2, [1197] metacon "server-protocol:" as "1.1", "1.0", "0.9" [1198] SET proxy=reverse=[no]auth (jpp@esme.fr) [1199] AuthAcmeVerifyUser() remote IP address to refine intrusion [1200] data and reduce possibility of DOS attack on usernames [1201] support multiple IP addresses in host cache (jpp@esme.fr) [1202] support proxy to origin server failover (jpp@esme.fr) [1203] [ProxyConnectTimeoutSeconds] configures period proxy to [1204] origin server connection is attempted (1-60 seconds) [1205] add selected request data to ErrorNoticed() report [1206] /DO=ZERO=NOTICED to reset 'errors noticed' accounting [1207] refine OPTIONS ResponseOptions() to provide "Allow:" [1208] bugfix; raw proxy tunnelling requires a contrived connect [1209] request in NetRead() to initiate an AST to RequestGet() [1210] bugfix; AuthAcmeVerifyUser() ACME$_LOGON_TYPE requires [1211] IMPERSONATE (DETACH) privilege for VMS V7.3-1 and earlier [1212] bugfix; DECnetOsuDialog() allow CgiOutput() error responses [1213] bugfix; initialize TcpIpHostCacheExpireSeconds (jpp@esme.fr) [1214] 10-JUL-2005 MGD v9.1.1, [1215] [[?]] and service:? to match unknown virtual service [1216] OpenSSL v0.9.8 changed macro name EVP_F_EVP_DECRYPTFINAL [1217] bugfix; adjust CacheMemoryInUse/CachePermMemoryInUse [1218] bugfix; GzipDeflateCache() ambit buffer size calculation [1219] too small for small content lengths (just allow heaps!) [1220] 26-JUN-2005 MGD v9.1.0, [1221] SET throttle=/ per-user throttle [1222] SET script=symbol=[no]truncate [1223] allow for VMS V8.2 64 byte lksb$b_valblk [1224] /DO=DCL=[PURGE|DELETE]=[USER|SCRIPT|FILE]= [1225] script processes by username, script name, or file name [1226] /DO=NOTE= to provide admin mapping notes [1227] /DO=THROTTLE=[TERMINATE|RELEASE]=[USER|SCRIPT]= [1228] throttled requests by username or script name [1229] AdminMenu() [/DO=] button/field and supporting functionality [1230] caching of GZIP compressed content [1231] proxy cache GZIP compressed content [1232] revised multihoming so that the client specified IP address [1233] of a accept()ed connection is used to identify the service [1234] (this allows easier isolation of SSL certificates, etc.) [1235] metacon 'instance:' to allow testing of WASD instances [1236] metacon 'multihome:' to allow detection of mismatched [1237] multihomed IP addresses and services [1238] metacon 'note:' to allow testing of admin conditional notes [1239] metacon 'robin:' to allow round-robin distribution [1240] CGI variable SERVER_MULTIHOME present when above true [1241] provide PWDMIX mixed-case plus printable char passwords [1242] in AuthVmsVerifyPassword() and AuthVmsChangePassword() [1243] CgiVariable() allow path mapping script=symbol=truncate to [1244] truncate a CLI symbol within the limit of the current VMS [1245] version capacity, noting this in SERVER_TRUNCATE variable [1246] SesolaInitService() no longer needs to clone [1247] modify VM statistics to a max of 1024 pages and granularity [1248] of 8 (GZIP significantly increased memory requirements) [1249] DclTaskRunDown() proactively handle task after SS$_NONEXPR [1250] ProxyMaintSupervisor() return if caching not enabled [1251] IA64 TcpIpSetAgentInfo() Multinet uses UCX$IPC_SHR [1252] in the image header (TCP/IP Services' TCPIP$IPC_SHR) [1253] AuthVmsVerifyUser() WATCH which flag causes failure [1254] allow client-side GZIPing of non-GZIPed proxied responses [1255] (courtesy Jean-Pierre Petit at jpp@esme.fr) [1256] allow config files to be a logical search list [1257] (initially to support multiple language HTTPD$MSG files) [1258] relax configured file type check if path SETing [1259] script=command=<..> provides a full activation command [1260] HTTPD$VERIFY can now specify a REMOTE_ADDR IP address [1261] allow report path to exclude using negative codes [1262] SSI to response header [1263] SSI to pre-expire [1264] make EXQUOTA (particularly ASTLM) a little more obvious [1265] bugfix; remove mutex around spurious wake counter [1266] bugfix; MetaConLoad() allocate structure before non-filename [1267] return! (revealed by Alex Daniels with no HTTPD$SERVICE) [1268] bugfix; prevent expired SYSUAF password from being cached [1269] bugfix; ProxyEnd(rqptr) should be ProxyEnd(ktptr) in [1270] ProxyNetHostConnectAst() (jpp@esme.fr) [1271] bugfix; FileResponseHeader() if none-match entity and [1272] IfModifiedSince() logic [1273] bugfix; GzipDeflateCache() ambit buffer size caclulation [1274] (captr->ContentLength >> 9) now (.. >> 7) (jpp@esme.fr) [1275] bugfix; MapOdsUrlToOds2Vms() DECnet access string should [1276] be able to support the space required for password [1277] bugfix; HTTP_METHOD_.. constants needs to be a bitmap! [1278] bugfix; the Ben Burke collection :-) [1279] bugfix; SesolaNetClientShutdown() remove SSL_shutdown() [1280] (revealed by https: tunnelling shutdown) [1281] bugfix; keyword search exclusion on configured file type [1282] 04-FEB-2005 MGD v9.0.2, [1283] SET script=control=<...> [1284] [GzipFlushSeconds] controls GZIPed response flush interval [1285] NetWriteGzip() abandon using argument counts to determine [1286] AST usage or direct call, use NetWriteGzipAst() instead [1287] RequestParseAndExecute() and ProxyRequestBegin() remove [1288] explicit disable of POST & PUT connection persistence [1289] CgiOutput() if "Location:" is supplied but no HTTP [1290] status turn it into a 302 (see also ResponseHeader()) [1291] ResponseHeader() include 'rqResponse.LocationPtr' [1292] GzipShouldDeflate() disable PDF deflation by default [1293] bugfix; aarghh! NetWriteGzip()/NetWriteGzipAst() [1294] bugfix; ServiceConfigAdd(), NetHostNameLookup() status check [1295] bugfix; ProxyReadResponseAst() if required, chunking needs [1296] to be performed after header as well as body processing [1297] bugfix; NetWriteChunked() ensure an empty body is [1298] terminated with a chunk of zero [1299] bugfix; NetWrite() distinguish between "empty" data and [1300] end-of-stream (inducing occasional ZLIB buffer errors) [1301] bugfix; AuthorizeRealm() check for login cookie before [1302] revalidating new cache record credentials (jpp@esme.fr) [1303] 22-DEC-2004 MGD v9.0.1, [1304] introduce chunked responses where content-length is [1305] unknown to enhance connection persistence behaviour [1306] SET response=[no]chunked [1307] CGI Script-Control: X-transfer-encoding-chunked[=0|1] [1308] in Sesola_read() and Sesola_write() remove [1309] BIO_set_retry_..() and BIO_clear_retry_..(), [1310] bugfix; NetWriteGzip() AST no remaining data length [1311] bugfix; Sesola_read_ast() and Sesola_write_ast() [1312] zero I/O status block count on error status [1313] bugfix; MapOdsVmsToUnix() empty if empty [1314] 01-DEC-2004 MGD v9.0.0, [1315] HTTP/1.1 compliance [1316] persistent connections over SSL [1317] persistent proxy connections [1318] proxy tunnelling [1319] significant changes to proxy cache file processing [1320] GZIP transfer-encoding (reponse and request) [1321] allow ResponseHiss() kBytes [1322] allow throttling with zero requests being processed [1323] metacon 'request-method:?' tests for HTTP extension method [1324] metacon refined directive and request header field processing [1325] request redirect, CGI variable and proxy request field [1326] processing refined [1327] SET report=tunnel [1328] SET response=gzip=<...> [1329] SET script=body=[no]decode [1330] SET script=syntax=[no]unix [1331] [ConnectMax] (supercedes [Busy]) max concurrent connections [1332] [EntityTag] enables the generation of file "ETag:", [1333] [GzipAccept] accept gzip encoded request bodies [1334] [GzipResponse] level[,memory,window] gzip encoded responses [1335] [LogWriteFail503] service unavailable 503 response when [1336] access log write fails [1337] [PipelineRequests] enables pipeline processing [1338] [ProcessMax] max concurrent requests being processed [1339] [ProxyCacheNegativeSeconds] for non-success responses [1340] [ProxyConnectPersistMax] and [ProxyConnectPersistSeconds] [1341] for controlling proxy->server connection persistence [1342] [ServiceProxyTunnel] connect | firewall | raw [1343] [ServiceClientSSLcert] and others allow outgoing SSL config [1344] [TimeoutPersistent] supercedes [TimeoutKeepAlive] [1345] CGI Script-Control: X-content-encoding-gzip[=0|1] [1346] bugfix; FileVariableRecord() memset only if positive [1347] bugfix; (authorization) agents should not begin to read [1348] a POSTed request body (Jean-Pierre Petit, jpp@esme.fr)) [1349] bugfix; CgiOutputFile() missing sizeof(FILE_CONTENT) [1350] when VmReallocHeap() increasing buffer space [1351] bugfix; AuthReadSimpleList() group member password check [1352] 02-OCT-2004 MGD v8.5.3, [1353] revalidation periods and '?httpd=logout&goto=...' [1354] change from self-relative to absolute links in "Index of" [1355] anchor generation (broke usage in some SSI documents) [1356] bugfix; MetaconClientConcurrent() if IP address not the same! [1357] bugfix; auth=revalidate= is minutes not seconds [1358] bugfix; even number of bytes on a disk $QIO READVBLK [1359] bugfix; HttpTimerSet() after mapping in case of SET timeout [1360] bugfix; ServiceFindVirtual() port string comparison [1361] 31-JUL-2004 MGD v8.5.2, [1362] bugfix; StringMatchAndRegex() SMATCH__GREEDY_REGEX [1363] bugfix; (potential anyway) PutWriteFileClose()/PutEnd() [1364] bugfix; TcpIpNetMask() result in AuthRestrictList() [1365] bugfix; ProxyFtpPasvData() if PASV response address [1366] is 0.0.0.0 then use connect address [1367] 30-JUN-2004 MGD v8.5.1, [1368] bugfix; HttpdExit() INHIB_MSG test [1369] 07-JUN-2004 MGD v8.5.0, [1370] IPv6 (concurrent with IPv4) support [1371] ACME authentication (realm) [1372] [AuthSysUafUseACME] config directive [1373] config directives [DNSLookupClient] (formerly [DNSLookup]), [1374] [DNSLookupLifeTime] and [DNSLookupRetry] [1375] config directive [ProxyHostCachePurgeHours] obsolete [1376] SYSUAF user verification now checks pre-expired passwords [1377] changes to eliminate RMS from file access and proxy cache [1378] (WASD's doing all the content conversion work anyway!) [1379] by using ACP/QIOs and massaging record content explicitly [1380] (outgrowth of returns from 8.4.3 changes in this area) [1381] on-disk structure for each PASS result (ODS-2 or ODS-5) [1382] is applied to a path unless otherwise SET with ODS= [1383] bugfix; file cache pointer initialization before [1384] first call to CacheNext() [1385] bugfix; agent script should have non-strict-CGI ignored [1386] (stupid problem introduced with script output caching) [1387] 04-MAR-2004 MGD v8.4.3, [1388] read variable record format files using block IO and then [1389] explicitly process those records to produce a stream-LF [1390] block of data in their place! [1391] (provides in excess of 400% throughput boost!!! :^) [1392] set script process default directory before activation [1393] set script process parse extended/traditional if path ODS set [1394] CGI 'Script-Control: X-content-handler=SSI' field [1395] absorb CGI/NPH header during script CGI processing [1396] SET ssi=exec= [1397] script=default= [1398] SSI can now be enabled on a per-path basis using 'ssi=exec=#' [1399] SSI #exec (#dcl) directives can be allowed on per-path basis [1400] using SET ssi=exec= (e.g. 'ssi=exec=say,show') [1401] 'delete-on-close' file specification extended [1402] SSI [1403] metacon add server_process_gt:, change to client_connect_gt: [1404] and server_connect_gt: to better reflect functionality [1405] service access log report (last 65kB of an access log) [1406] add connect processing and keep-alive accounting items [1407] DECC 6.2 objected to '$DESCRIPTOR(name,ptr->string)' [1408] bugfix; rare RECTOOBIG on variable record length file where [1409] longest record exceeded 'OutputBufferSize' so initialize [1410] buffer to maximum of 'OutputBufferSize' or file lrl [1411] bugfix; RequestExecute() re-set error by redirect [1412] bugfix; ErrorGeneral() always get module name and number [1413] bugfix; DclAllocateTask() CGIplus with virtual services [1414] bugfix; ProxyFtpListProcessUnix() maximum fields handling [1415] 08-JAN-2004 MGD v8.4.1, [1416] SET response=header=[no]add[=""] [1417] 04-JAN-2004 MGD v8.4.0, [1418] compilation and run-time support for IA64 [1419] for VMS 7.3-2 and later take advantage of the larger [1420] EDCL CLI line (255->4095) and symbol (1024->8192) sizes [1421] 'config directory' located authorization databases [1422] authorization path keyword 'final' to conclude further [1423] rule mapping at that point (as if none matched) [1424] rule mapping "set map=root=" allows a set of rules [1425] to be rooted to a particular path (CGI document-root) [1426] support "Range: bytes=[,..]" request field [1427] for non-VAR-record files and cached files [1428] provide network mode operation (server and scripts) [1429] revise detached process cleanup candidate identification [1430] (now requires CMKRNL privilege to use $GRANTID service) [1431] modify DCL.C script activation code (allow qualifiers [1432] and/or parameters to be supplied from path setting) [1433] extensive rework of cache module to allow non-file content [1434] (e.g. script) output to be cached [1435] [CacheGuardPeriod] configuration directive [1436] optional HTTPD$MSG [language] 'charset=' parameter [1437] HTA database now "read [record] regardless of lock" [1438] SET cache=[no]cgi, cache=expires=, cache=[no]file, [1439] cache=[no]net, cache=maxkbytes=, cache=[no]nph, [1440] cache=[no]script, cache=[no]ssi, [1441] map=root=, [1442] map=set=[no]ignore, map=set=[no]request, [1443] proxy=reverse=location=, proxy=reverse=verify, [1444] response=header=[append|full|none], [1445] script=command= [1446] reverse-proxy 302 "Location: ..." response can have the [1447] location URL rewritten to reflect the original host [1448] reverse-proxy can be locally authorized and then have [1449] that verified by the proxied-to server (UMA) [1450] metacon "document-root:" ('DR') reflects "set map=root=" [1451] add "client_current_gt:" and "server_current_gt:" [1452] /PERSONA=IDENT= is now available for PERSONA_MACRO [1453] mapping now URL-encodes a redirect wildcard path portions [1454] rework some report item format and content [1455] check Digest authentication against Mozilla 1.4 [1456] only check SYSUAF secondary password expiry date/time [1457] if the secondary password hash is not empty [1458] bugfix; error report by redirect, set after virtual host [1459] bugfix; GraphActivityPlotBegin() and GraphActivityDataScan() [1460] signed/unsigned issue masking out request value [1461] bugfix; chained proxy CONNECT processing [1462] bugfix; keep track of outstanding body reads [1463] bugfix; according to the doco "Index of"s from SSI should [1464] not be delimited top or bottom (up to SSI to caption it!) [1465] bugfix; DclScriptProcessPurge() [1466] 12-OCT-2003 MGD v8.3.2, [1467] bugfix; DECnet allow for outstanding network writes [1468] bugfix; "internal" script detection [1469] bugfix; MetaConLoad() [IncludeFile] [1470] bugfix; ProxyRequestRebuild() rebuild buffer space [1471] bugfix; suppress output after "Script-Control: x-error..." [1472] bugfix; keyword search exclude file type [1473] bugfix; notepad needs to be explicitly NULLed [1474] bugfix; MAP-FILE: stripping leading character [1475] bugfix; DECnet allow for outstanding body reads [1476] 15-AUG-2003 MGD v8.3.1, [1477] allow the database directory location to be specified using [1478] authorization rule 'param="/directory=device:[directory]"' [1479] allow for and keep track of $HIBER spurious wakes [1480] massage SYSUAF-authenticated remote username to comply [1481] with VMS requirements [1482] suppress digest auth challenge except for HTA and external [1483] where CDATA constraints make using entity impossible [1484] use a field name of hidden$lf and ^ substituted [1485] with the BODY.C module doing some sleight-of-hand with it [1486] (modern browsers like Mozilla were having issues) [1487] BODY_DISCARD_CHUNK_COUNT made *very* large [1488] bugfix; ServiceConfigReviseNow() form element names must be [1489] unique (technically correct, enforced by modern browsers) [1490] bugfix; AuthCacheAddRecord() [1491] bugfix; check for NULL pointer 'cnptr->ReuseConnection' [1492] bugfix; DECnetCgiDialog() not strict wait for EOF sentinal [1493] bugfix; do not allow SET mapping during a callout [1494] bugfix; use _BBCCI() to clear the mutex in InstanceExit()!! [1495] bugfix; SesolaCacheAddRecord() oldest tick second [1496] 28-JUN-2003 MGD v8.3.0, [1497] regular expression support [1498] [AuthFailurePeriod], [AuthFailureTimeout], [1499] [ProxyUnknownRequestFields], [RegEx] directives [1500] SET cache=[no]perm, cache=max= [1501] SET notepad= and if (notepad:) [1502] metacon "notepad:", "regex:", "request:" ('RQ'), "restart:" [1503] [Match] Server Admin item, report, and WATCH item [1504] file cache support for permanent and volatile entries [1505] improve efficiency RequestRedirect() & ProxyRequestRebuild() [1506] store and provide unrecognised request header fields [1507] rework break-in detection and processing [1508] (configuration defaults to LGI sysgen parameters and now [1509] operates in the same way as described for general VMS) [1510] /SYSUAF=(VMS,ID) allows concurrent VMS and ID authorization [1511] add proxy cache device error count statistics [1512] home pages may now be [Welcome]+[DclScriptRunTime] specified [1513] (i.e. provided via scripting environments such as PHP) [1514] request heap statistics and VmRequestTune() [1515] bugfix; add HTTP protocol to combined/common format URL [1516] bugfix; request body to be read needs to be the smaller of [1517] remaining body or buffer size (jpp@esme.fr) [1518] bugfix; InstanceMutex..() use _BBCCI() to clear the mutex [1519] bugfix; FILE.C FileSetCharset() following CacheSearch() [1520] moved to CACHE.C module (ACCVIO if entry NULLed) [1521] bugfix; ProxyMaintDeviceStats() volume count (set) handling [1522] bugfix; ServiceConfigFromString() (jpp@esme.fr) [1523] bugfix; DirFormatLayout() static flags (jpp@esme.fr) [1524] bugfix; request SET Html.. memory allocation (jpp@esme.fr) [1525] bugfix; MetaConParse() decrement index (back) when [1526] not currently executing an if()inline directive [1527] bugfix; (and refine) DECnetSupervisor() [1528] bugfix; DclSysOutputAst() do not rundown script process [1529] if the error generated came from "Script-Control:" [1530] bugfix; CGI(plus) allow for '!' from (!$blah) mapping rule [1531] 09-APR-2003 MGD v8.2.0, [1532] some minor logging format changes for server entries [1533] wildcard and comma-separated list of languages [1534] can be specified (e.g. "[Language] es-ES,es,es-*") [1535] [ProxyForwarded] supercedes [ProxyAddForwardedBy] with [1536] proxy=forwarded[=...] mapping rule [1537] [ProxyXForwardedFor] configuration directive with [1538] proxy=xforwardedfor[=...] mapping rule to support [1539] proxy generation of "X-Forwarded-For:" header field [1540] authentication agent '100 REASON any text' [1541] script=as=$? to indicate optional use of SYSUAF username [1542] SET dir=style[=default|original|anchor|htdir], [1543] SET html=[bodytag|header|headertag|footer|footertag]=[..] [1544] and incorporation in "Index of", selected other facilities [1545] SET cgiplusin=[none|cr|lf|crlf], SET cgiplusin=eof, [1546] SET script=query=none, SET script=path=find, [1547] SET [no]search=none [1548] disable 'NetMultiHomedHost' (should not be required [1549] for modern virtual service processing) [1550] script=params=+(name=value) concatenates to any existing [1551] HTAdminPasswordChange() check for VMS group write [1552] processes created using HttpdDetachServerProcess() now have [1553] a YYYYMMDDHHMMSS timestamp as part of the process log name [1554] with RTEs look first for one that was executing the same [1555] script, then if not found fall back to (any) LRU RTE [1556] SYSUAF security profile via rule and /PROFILE=BYRULE [1557] script as SYSUAF username can be requested with auth rule [1558] allow [[service]] to include the [[scheme://service]] [1559] relax ServiceParse() so that [[the.host.name]] is accepted [1560] enable SYSPRV in HTAdminDatabaseSearch() [1561] relax initial CGI response line checking [1562] build 'records' from script single byte output streams [1563] general (non-RTE) run-time allowed with (!..) syntax [1564] both run-time specifications allowed with SCRIPT rule [1565] added GATEWAY_EOF/EOT/ESC CGI variables [1566] sentinals changed to have only RMS-compliant characters [1567] supply more detail from "%DCL-E-OPENIN, blah" responses [1568] SesolaParseCertDn() record /email and /emailAddress [1569] bugfix; Alpha VMS V7.1 or earlier sys$persona_assume() [1570] needs to be used in the same way as for VAX [1571] bugfix; RequestRedirect() append remain CGI response header [1572] bugfix; body provision for script processing restart [1573] bugfix; proxy FTP ResponseHeader() content-length of zero [1574] bugfix; StringParseQuery() loop on string overflow [1575] bugfix; HTAdminPasswordChange() cache reset realm [1576] bugfix; error recovery in Sesola_read() and Sesola_write() [1577] bugfix; DECnetFindCgiScript() foreign verb creation [1578] 10-JAN-2003 MGD v8.1.1, [1579] SET script=query=relaxed [1580] AuthVmsLoadIdentifiers() more flexible [1581] bugfix; ControlEnqueueCommand() occasional race condition [1582] 07-DEC-2002 MGD v8.1.0, [1583] SET auth=all (path must be subject to authorization or fail) [1584] CGI 'Control-Script:' X-error-... fields [1585] add 'mp' mapping and 'mapped-path:' metacon conditionals [1586] add 'rc' mapping and 'redirected:' metacon conditionals [1587] add 'st' mapping and 'script-name:' metacon conditionals [1588] add "path-translated:" metacon conditional [1589] skeleton-key authentication [1590] refine mapping rule processing to ensure that paths with [1591] forbidden syntax generate RMS bad syntax [1592] check for device and directory (minimum) before parse [1593] refine metacon reporting (reporting detected errors to OPCOM) [1594] the server now detects the presence of HTTP$NOBODY [1595] account and scripts using that [1596] if the server is using HTTP$NOBODY or /script=as= [1597] DECnet scripting now uses the same account [1598] refine VMS security profile usage (no, just coincidence!) [1599] to allow VMS profile authorized requests to override [1600] directory listing controls (amongst other things) [1601] server process log is now accessable via the Admin Menu [1602] additional mapping functionality (SET query-string=) [1603] no sneaky getting directory contents by downloading files! [1604] CGI.C in non-strict CGI mode report anything like [1605] "%DCL-E-OPENIN, blah" as a failed script activation [1606] PUT.C allow for white-space in multipart file names [1607] bugfix; in OdsNameOfDirectoryFile() use SYSPRV [1608] around sys$parse() to ensure access to directory [1609] bugfix; set path dir=access not ignored [1610] 25-SEP-2002 MGD v8.0.1 [1611] additional persona counters [1612] /script=as= allows a NOBODY scripting environment [1613] without enabling PERSONA in general [1614] require account SYSPRV for certain command-line activities [1615] implement /persona=[authorized|relaxed|relaxed=authorized] [1616] to prevent inadvertant scripting using privileged accounts [1617] HttpdDetachServerProcess() [STARTUP]STARTUP_SERVER.COM [1618] MapOdsElementsToVms() excise parent directory syntax [1619] only use MapUrl_VmsUserName() path ODS if not already set [1620] SET report=4nn=nnn for mapping HTTP status [1621] SET map=ellipsis now required to map VMS '...' wildcard [1622] SET dir=charset= directory listing charset mapping rule [1623] support 'script=as=' functionality, plus DECnet variants [1624] NODE"$":: substitutes SYSUAF authenticated username into [1625] access string (for proxy access to account) and [1626] NODE"~":: substitutes '/~username/' username in same way [1627] set path en/decoding for RSI (MultiNet NFS), PATHWORKS (v4), [1628] Advanced Server (PATHWORKS v6) / Samba file naming schemas [1629] (as well as for ODS-2 and ODS-5) [1630] AuthVmsCheckUserAccess() traps SS$_NOCALLPRIV returning [1631] SS$_NOPRIV to allow directory listings of DFS volumes [1632] introduce fab$b_rfm and fab$b_rat as fields to allow [1633] PUT.C to specifically set these attributes as required [1634] refine SesolaReport() for obtaining service ciphers [1635] (OpenSSLv0.9.6f/0.9.7-beta break it) [1636] local redirection should have the path re-URL-encoded [1637] FAO change function of "!&U" to "!&P", new "!&U" [1638] enhance authentication and SSL global section creation [1639] allow for 'pass /* 400' (i.e. no trailing message) [1640] RFC1413 authorization with DNS lookup use host name to [1641] construct remote user string [1642] rework path alert notification for greater functionality [1643] bugfix; make ServiceConfigLoad() file not found non fatal [1644] bugfix; ConfigIconFor() terminate on content-type [1645] bugfix; if restart MIME boundary matching algorithm [1646] using that char (allow for --..boundary) [1647] bugfix; 'Xray' broken in v8, repaired and reworked [1648] bugfix; always revalidate X509 and RFC1413 [1649] (for path authorization after script) [1650] bugfix; 'script' and 'exec' MetaConParseReset() state [1651] bugfix; set AuthCacheRecordSize from HTTPD$CONFIG value [1652] bugfix; when discarding via BodyReadBegin() use BodyRead() [1653] to queue a network read only if data is outstanding [1654] bugfix; template/result wildcard checking for scripting rules [1655] bugfix; do not count callout records for CGI header purposes [1656] 03-JUL-2002 MGD v8.0.0 [1657] "instance" capability (loosely coupled, multiple [1658] socket/service-sharing servers on the one system) [1659] meta-config (integrated config, mapping, service, auth), [1660] provide "module WATCHing" for on-line, ad hoc debug [1661] SET script=params=(name=value), proxy=bind=
and [1662] proxy=chain= mapping rules [1663] asynchronous block processing of POST and PUT request body [1664] some accomodations for Mozilla-HTTP/1.1 "Cache-Control:" [1665] improve performance with EFN$C_ENF and use explicitly [1666] allocated event flags for avoiding potential interactions [1667] client host name lookup now asynchronous [1668] FTP proxying processing [1669] /DEMO demonstration mode [1670] 29-JUN-2002 MGD v7.2.3 [1671] some accomodations for Mozilla-HTTP/1.1 "Cache-Control:" [1672] bugfix; [ProxyCacheNoReloadSeconds] parsing [1673] bugfix; (well sort of) it would appear that after NO_CONCEAL [1674] searching and a sys$open() must sys$close() *before* the [1675] SYNCHCK sys$parse() release resources otherwise a channel [1676] bugfix; ensure when OdsParse() is used successively with [1677] the same ODS structure that previous resources are first [1678] released (can present a problem unique to search lists) [1679] to the device is left assigned!! [1680] bugfix; ensure sys$search() RMS channel is released [1681] bugfix; ProxyResolveHostCache() NULL 'rqptr' [1682] bugfix; account/password expiry [1683] bugfix; DclFindFileEnd() reset result file name [1684] bugfix; SsiAccessesClose() now synchronous using SYSPRV [1685] 13-APR-2002 MGD v7.2.2 [1686] Authorize() allow /NO401 parameter to suppress server [1687] challenge to allow external agent to response (e.g. PHP) [1688] ProxyHostConnectAst() invalidate host cache entry [1689] NetCreateService() checks previously bound address [1690] MapOdsUrlToVms() eliminate chance of device:[.directory] [1691] make a proxy reactive purge initially more agressive [1692] keep-alive decision logic to RequestFields() [1693] bugfix; ensure only one request revalidates a cache entry at [1694] a time (multiple could cause eventual channel exhaustion) [1695] bugfix; switch return not break with next reactive scan [1696] bugfix; AuthConfigProxyMap() wildcard string results [1697] bugfix; ODS-5 parent directories with multiple periods [1698] bugfix; command-line proxy cache maintenance reporting [1699] bugfix; FileNextRecordAst() VAR file into contents buffer [1700] bugfix; MAPURL.C throttle report [1701] bugfix; AuthCacheAddRecord() and host group without "host=" [1702] bugfix; reset SSL state to SSL_ST_OK if renegotiation fails [1703] bugfix; DclTaskRunDown() reset script task type [1704] bugfix; MsgFor() Accept-Lang: comparison [1705] bugfix; NetAcceptAst() deassign channel when connect dropped [1706] bugfix; wildcard substitution in MapUrl__Map() [1707] bugfix; StringMatch() wildcard matching [1708] bugfix; close log file for ALL services in LOGGING.C [1709] bugfix; !&M formatting directive in PROXYCACHE.C [1710] bugfix; /RELAXED should allow all but DISUSERed accounts [1711] to authenticate regardless of RESTRICTED or CAPTIVE flags [1712] 03-NOV-2001 MGD v7.2.1 [1713] PERSONA.C using PERSONA.MAR can now provide persona scripting [1714] for pre-VMS 6.2 VAX systems (CAUTION!! - UNSUPPORTED) [1715] "TASK=CGI..", "0=CGI.." recognised as DECnet CGI dialog [1716] FAB$M_TEF to deallocate unused log file space [1717] StringMatch() replaces SearchTextString() for more [1718] light-weight text matching (affects six modules) [1719] [SsiSizeMax] and [ProxyCacheNoReloadSeconds] [1720] FILE.C block I/O complete if _rsz is less than _usz [1721] 'ProxyCacheNoReloadSeconds' limits immediate (pragma) reload [1722] ensure mapping conditional not mistaken for missing template [1723] kludge work around spawning authorized privs with $CREPRC [1724] bugfix; ensure only one request revalidates a cache entry at [1725] a time (multiple could cause eventual channel exhaustion) [1726] bugfix; close current log file if period changes [1727] bugfix; DECnet user script mapping [1728] bugfix; FileNextBlocksAst() 'ContentRemaining' [1729] bugfix; wildcard substitution in MapUrl__Map() [1730] bugfix; sys$close() in OdsLoadTextFile() [1731] bugfix; always generate callout sequences [1732] bugfix; a bugfix in VMS V7.2 has broken the previously [1733] working usage of IO$_MODIFY in ProxyCacheSetLastAccessed() [1734] bugfix; activity graphic [1735] bugfix; check ParseQueryField() in WatchBegin() for NULL [1736] bugfix; allow agent to provide 'CGIPLUS:' directive [1737] bugfix; 'layout=U' upper-casing [1738] 01-JUL-2001 MGD v7.2.0 [1739] X.509 authentication and authorization [1740] RFC1413 (identfication protocol) authorization [1741] remote user to vms user (SYSUAF authorization) proxy mapping [1742] proxy cache maintainence may now be done from the CLI [1743] HTL list maintenance can now be done from the Admin Menu [1744] a fatal authorization problem now disables authorization [1745] "hh:mm:ss" allows for a more versatile period [1746] concurrent processing controls (request "throttling") [1747] improved script process run-down conditions and handling [1748] HttpdTick() drives XxxSupervisor()s [1749] control (/DO= and Admin menu) now via a global section [1750] monitor (HTTPDMON) data now supplied via a global section [1751] suppress CGI content-type "x-internal..." [1752] [IncludeFile] for all configuration files [1753] request supervisor refinements [1754] .URL file processing [1755] 01-JUL-2001 MGD v7.1.2 [1756] add selective status codes to error report path [1757] refine 'view' and 'list' redirection in UPD.C [1758] refine logging RMS characteristics (500% improvement) [1759] provide for ODS-5 "hidden" files ('^.') [1760] check network status during SSL accept [1761] EXEC of file type [1762] remove http: check from SesolaAccept() [1763] bugfix; parsing of [ServiceProxyChain] [1764] bugfix; 'RU' conditional [1765] bugfix; SCRIPT_FILENAME with CGIplus [1766] bugfix; NetThisVirtualService() and call conditions [1767] bugfix; SesolaFree() BioPtr [1768] bugfix; AuthVmsCheckUserAccess() return SS$_NOPRIV [1769] bugfix; ParseNetMask() and VSLM mask processing [1770] bugfix; sys$create_user_profile() length size from word [1771] (System Services Manual) to unsigned int (startlet.h)! [1772] bugfix; authorization network masks [1773] bugfix; directory specfication length (sys$check_access()) [1774] bugfix; HTAdminPasswordChange() call to FaoToOpcom() [1775] bugfix; AuthGenerateHashPassword() force upper-case [1776] bugfix; final status at write group/no read group check [1777] 18-JAN-2001 MGD v7.1.1 [1778] HTTPD$SCRATCH automatic script scratch file cleanup [1779] authentication agent can now '100 SET-COOKIE rfc2109-cookie' [1780] bugfix; memory leak in AUTH.C [1781] bugfix; FILE.C make a search list DNF appear as a FNF [1782] bugfix; /PROFILE empty directory passing incorrect parameter [1783] bugfix; general error reporter variable arguments [1784] bugfix; final authorization failure should specify 403 [1785] bugfix; ensure mapping rules exist for authentication agents [1786] bugfix; control cache purge arguments [1787] 17-OCT-2000 MGD v7.1.0 [1788] sys$creprc() scripting [1789] sys$persona...() scripting [1790] Run Time Environments (RTEs) [1791] server-group/cluster-wide directives (via DLM) [1792] further refined CGI.C module output handling [1793] apply authorization to SSI.C #include'd and #dir'e [1794] client socket (BGnnnn:) potentially sharable for scripts [1795] proxy cache device directory organization flat256/64x64 [1796] modify SSL initialization to better indicate "fallback" [1797] integration of WATCH peek/one-shot [1798] 03-SEP-2000 MGD v7.0.2 [1799] limit script output of ENDOFFILE [1800] if CGI response "Content-Encoding:" force stream mode [1801] bugfix; ProxyResolveHostLookup() can be called multiple [1802] during host name resolution - only allocate channel once!! [1803] bugfix; include Accept-Encoding when redirecting [1804] bugfix; ParseQueryField() string length check [1805] 09-JUL-2000 MGD v7.0.1 [1806] locking around proxy cache scans [1807] add "success=" 303 processing to PUT.C file upload [1808] improve CgiOutput() header processing (again!) [1809] correct concealed/searchlist parsing [1810] allow "302 location" redirection from authentication agent [1811] bugfix; proxy CONNECT service [1812] bugfix; HEAD requests specifying content-length [1813] bugfix; WatchCliSettings() storage [1814] 01-JUN-2000 MGD v7.0.0 [1815] support extended file specifications [1816] (ODS-5 under Alpha VMS V7.2ff) [1817] event reporting via OPCOM [1818] some "Apache" support for easing CGI script ports [1819] access log file naming refinements [1820] 18-MAR-2000 MGD v6.1.3 [1821] bugfix; authconfig processing [1822] 06-JAN-2000 MGD v6.1.2 [1823] authorization failure limit evasion period [1824] numerous warnings from DECC v6.2 addressed [1825] bugfix; user restriction list pass (broken in 6.1) [1826] 17-DEC-1999 MGD v6.1.1 [1827] bugfix; quote double-up in CgiVariable() (INSVIRMEM exit) [1828] 04-DEC-1999 MGD v6.1.0 [1829] "agent" authentication/authorization [1830] CGI(plus) processing provides callouts [1831] SSI module now supports OSU-specific directives [1832] /SYSPRV now allows operation with SYSPRV turned on [1833] "one-shot" WATCH and "peek" reports [1834] output no-progress timer [1835] remove NETLIB support [1836] 16-OCT-1999 MGD v6.0.3 [1837] bugfix; sys$create_user_profile [1838] bugfix; mapping storage overflow [1839] USER mapping rule for SYSUAF access [1840] 12-SEP-1999 MGD v6.0.2 [1841] minor changes to authorization processing [1842] bugfix; service parsing and SSL [1843] virtual services now match using "Host:" field [1844] 19-JUN-1999 MGD v6.0.1 [1845] refinements to request termination/rundown [1846] bugfix; DECnet (CGI and OSU) task handling [1847] bugfix; proxy request HTTP/0.9 response processing [1848] 30-MAY-1999 MGD v6.0.0 [1849] proxy, with HTTP caching [1850] OpenSSL 0.9.3 support (also SSLeay support) [1851] extended authorization/authentication environment [1852] 31-MAR-1999 MGD v5.3.4 [1853] bugfix; SesolaReport(), HttpHeaderChallenge() [1854] 28-MAR-1999 MGD v5.3.3 [1855] SSI variables global (when "#include"ing other SSI) [1856] SSI read buffer determined by 'FileXabFhc.xab$w_lrl' [1857] 05-FEB-1999 MGD v5.3.2 [1858] bugfix; FileNextRecord() zero '_usz' [1859] 10-JAN-1999 MGD v5.3.1 [1860] greater granularity when WATCHing authorization [1861] bugfix; OSU scripting pass *mapped* file spec [1862] 14-NOV-1998 MGD v5.3.0 [1863] [[host:port]] virtual service syntax [1864] [AddType] can now "text/html; charset=ISO-8859-1" [1865] [CharsetDefault] sets text and server character set [1866] improved AST granularity several significant modules [1867] WATCH report and CLI [1868] RMS-invalid substitution character in mapping rules [1869] bugfix; NameOfDirectoryFile() [1870] 29-AUG-1998 MGD v5.2.0 [1871] reuse DECnet task connections [1872] allow specified hosts exclusion from logging [1873] stream-LF conversion only on specified paths [1874] bugfix; SYS$TIMEZONE_DIFFERENTIAL processing [1875] bugfix; DECnet tasks not aborted at timeout [1876] 07-JUL-1998 MGD v5.1.0 [1877] add eXtended Server Side Includes processing [1878] design-problem; modify CGIplus script rundown [1879] SYSUAF authentication by identifier [1880] per-service logging [1881] rqptr->rqTmr.Terminated (occasional lib$get_vm() [1882] %LIB-F-BADLOADR around connection expiry termination) [1883] 20-DEC-1997 MGD v5.0.0 [1884] optional Secure Sockets Layer (using SSLeay) [1885] DECnet-based scripting including OSU emulation [1886] miscellaneous revisions and "improvements" [1887] 07-JAN-1997 MGD v4.5.2 [1888] bugfix; record-mode file transfer [1889] bugfix; activity graph [1890] 06-DEC-1997 MGD v4.5.1 [1891] resolving a suspected inconsistent AST delivery situation [1892] by requiring all $QIO()s with AST routines to ensure any [1893] queueing errors etc. are reported via the AST routine by [1894] an explicit $DCLAST() ... this removes ambiguity about how [1895] $QIO() returns should be handled ... drastic but desperate [1896] times, etc. (a more consistent and desirable model anyway :^) [1897] 02-NOV-1997 MGD v4.5.0 [1898] file cache [1899] logging periods [1900] HttpdSupervisor() [1901] configurable script run-time environments [1902] additional request header fields [1903] 18-OCT-1997 MGD v4.4.1 [1904] bugfix; duration [1905] bugfix; logging period [1906] 01-OCT-1997 MGD v4.4.0 [1907] message module [1908] conditional rule mapping [1909] SYSUAF-authenticated user access control [1910] multi-homed/multi-port services [1911] (some NETLIB packages now cannot DNS lookup) [1912] echo and Xray internal scripts [1913] extensions to logging functionality [1914] additional command-line server control [1915] bugfix; redirection loop detection [1916] 01-AUG-1997 MGD v4.3.0 [1917] MadGoat NETLIB broadens TCP/IP package support [1918] server activity report [1919] 16-JUL-1997 MGD v4.2.2 [1920] bugfix; WORLD realm and access list [1921] 07-JUL-1997 MGD v4.2.1 [1922] minimum heap allocation chunk size [1923] prevent keep-alive timeout redefining request logical [1924] 01-JUL-1997 MGD v4.2.0 [1925] change name to WASD (Wide Area Surveillance Division) [1926] persistent DCL subprocesses and CGIplus [1927] (see re-written DCL.C module) [1928] scripting and client reports [1929] potential multi-thread problems in reports fixed [1930] 27-MAR-1997 MGD v4.1.0 [1931] rationalized HTTP response header generation [1932] delete on close for "temporary" files to support [1933] UPD module "preview" functionality ... WARNING, any [1934] file with a name comprising a leading hyphen [1935] sixteen digits and a trailing hyphen will be deleted! [1936] 01-FEB-1997 MGD v4.0.0 [1937] HTTPd version 4 [1938] 01-OCT-1996 MGD v3.4.0 [1939] extended server reporting [1940] 01-AUG-1996 MGD v3.3.0 [1941] realm/path-based authorization [1942] BASIC and DIGEST authentication [1943] PUT(/POST/DELETE) module [1944] StmLf module (variable to stream-LF file conversion) [1945] 12-APR-1996 MGD v3.2.0 [1946] file record/binary now determined by record format [1947] persistent connections ("Keep-Alive" within HTTP/1.0) [1948] moved RMS parse structures into thread data [1949] improved local redirection detection [1950] observed Multinet disconnection/zero-byte behaviour [1951] (request now aborts if network read returns zero bytes) [1952] 15-FEB-1996 MGD v3.1.1 [1953] fixed rediculous :^( bug in 302 HTTP header [1954] minor changes to request accounting and server report [1955] minor changes for user directory support [1956] minor changes to error reporting [1957] 03-JAN-1996 MGD v3.1.0 [1958] support for both DEC TCP/IP Services and TGV MultiNet [1959] 01-DEC-1995 MGD v3.0.0 [1960] single heap for each thread's dynamic memory management [1961] extensive rework of DCL subprocess functionality [1962] HTML pre-processsing module (aka Server Side Includes) [1963] NCSA/CERN compliant image-mapping module [1964] NetWriteBuffered() for improving network IO [1965] miscellaneous reworks/rewrites [1966] 27-SEP-1995 MGD v2.3.0 [1967] carriage-control on non-header records from [1968] to single ('\n' ... newline), some browsers expect [1969] only this (e.g. Netscape 1.n was spitting on X-bitmaps) [1970] added Greenwich Mean Time time-stamp functionality [1971] added 'Referer:', 'If-Modified-Since:', 'User-Agent:' [1972] 07-AUG-1995 MGD v2.2.2 [1973] optionally include commented VMS file specifications [1974] in HTML documents and VMS-style directory listings [1975] 16-JUN-1995 MGD v2.2.1 [1976] added file type description to "Index of" (directory) [1977] 24-MAY-1995 MGD v2.2.0 [1978] minor changes to allow compilation on AXP platform [1979] 03-APR-1995 MGD v2.1.0 [1980] add SYSUAF authentication, POST method handling [1981] 20-DEC-1994 MGD v2.0.0 [1982] multi-threaded version [1983] 20-JUN-1994 MGD v1.0.0 [1984] single-threaded version [1985] */ [1986] /*****************************************************************************/ [1987] [1988] #ifndef VERSION_H_LOADED [1989] #define VERSION_H_LOADED 1 [1990] [1991] /* five characters or less */ [1992] #define HTTPD_NAME "WASD" [1993] #define HTTPD_SOFTWAREID_NAME "HTTPd-WASD" [1994] [1995] /* keep HTTPD_GBLSEC_VERSION in step with this version (as necessary) */ [1996] #define HTTPD_VERSION "12.4.0" [1997] [1998] /* used to name and to detect changes in global section data structures */ [1999] #define ACTIVITY_GBLSEC_VERSION_NUMBER 0x120000 /* i.e. 12.00.00 */ [2000] #define AUTH_GBLSEC_VERSION_NUMBER 0x120000 [2001] #define AUTH_TOKEN_GBLSEC_VERSION_NUMBER 0x120000 [2002] #define HTTPD_GBLSEC_VERSION_NUMBER 0x120000 [2003] #define SESOLA_GBLSEC_VERSION_NUMBER 0x120000 [2004] #define PROXYVERIFY_GBLSEC_VERSION_NUMBER 0x120000 [2005] [2006] /* used as part of the the "instance" lock names, allowed range 1..15 */ [2007] #define HTTPD_LOCK_VERSION 1 [2008] [2009] VersionInfo(); [2010] [2011] #endif /* VERSION_H_LOADED */ [2012] [2013] /*****************************************************************************/