CGIplus-enabled Run-time Environment Example -------------------------------------------- ***** FIRST, EVIDENCE OF PERSISTANCE ***** Usage Count: 1 ***** SECOND, THE CGI ENVIRONMENT AVAILABLE ***** WWW_AUTH_TYPE= WWW_CONTENT_LENGTH=0 WWW_CONTENT_TYPE=text/plain; charset=ISO-8859-1 WWW_DOCUMENT_ROOT= WWW_GATEWAY_INTERFACE=CGI/1.1 WWW_GATEWAY_EOF=$Z-37354F3339E902D837943EF9- WWW_GATEWAY_EOT=$D-47E212661D5DE9AF32C10424- WWW_GATEWAY_ESC=$E-75EA24D575334F92C4B321EB- WWW_GATEWAY_MRS=4096 WWW_HTTP_ACCEPT=*/* WWW_HTTP_USER_AGENT=Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) WWW_HTTP_ACCEPT_ENCODING=gzip, br, zstd, deflate WWW_HTTP_HOST=www.timmersit.nl WWW_PATH_INFO=/just/a/bogus/path.txt WWW_PATH_ODS=5 WWW_PATH_TRANSLATED=WASD_ROOT:[just.a.bogus]path.txt WWW_QUERY_STRING=query=string WWW_REMOTE_ADDR=13.59.113.183 WWW_REMOTE_HOST=13.59.113.183 WWW_REMOTE_PORT=12697 WWW_REMOTE_USER= WWW_REQUEST_METHOD=GET WWW_REQUEST_PROTOCOL=HTTP/1.1 WWW_REQUEST_SCHEME=http: WWW_REQUEST_TIME_GMT=Sat, 03 May 2025 20:46:57 GMT WWW_REQUEST_TIME_LOCAL=Sat, 03 May 2025 22:46:57 WWW_REQUEST_URI=/rtbin/version.h/just/a/bogus/path.txt?query=string WWW_SCRIPT_FILENAME=WASD_ROOT:[SRC.HTTPD]VERSION.H WWW_SCRIPT_NAME=/rtbin/version.h WWW_SCRIPT_RTE=cgi-bin:[000000]rte_example.exe WWW_SERVER_ADDR=192.168.1.31 WWW_SERVER_CHARSET=ISO-8859-1 WWW_SERVER_GMT=+02:00 WWW_SERVER_NAME=vms1.timmersit.nl WWW_SERVER_PROTOCOL=HTTP/1.1 WWW_SERVER_PORT=80 WWW_SERVER_SIGNATURE=
WASD/11.3.0 Server at vms1.timmersit.nl Port 80
WWW_SERVER_SOFTWARE=HTTPd-WASD/11.3.0 OpenVMS/AXP WWW_UNIQUE_ID=aBac4QAAAAQAAMkkHJY WWW_SECURITY_STATUS=NONE WWW_FORM_QUERY=string WWW_KEY_COUNT=0 ***** THIRD, AN "INTERPRETED" FILE (WWW_SCRIPT_NAME/WWW_SCRIPT_FILENAME) ***** [0001] /*****************************************************************************/ [0002] /* [0003] version.h [0004] [0005] [0006] VERSION HISTORY [0007] --------------- [0008] 23-OCT-2021 MGD v12.0.0, [0009] So long, farewell, Auf Wiedersehen, goodnight (-VAX) [0010] (comprehensive move to native 64 bit data storage) [0011] continuing port to x86-64 (OpenVMS V9.1-A) [0012] verified builds against and operates with OpenSSL 3.0 [0013] (but not offically supported due to OpenSSL 3.0 issues) [0014] accomodate PIPE from WASD_ROOT:[SRC.UTILS]WASTEE.C [0015] TcpIpAlt..() experimental address/name lookup [0016] BSD 4.4 sockaddr.. IO$M_EXTEND to $QIO (per MB) [0017] proxy caching has been obsoleted [0018] proxy SOCKS5 connect support [0019] scripting process naming revised (perhaps even enhanced) [0020] agent scripting extended and formalised for v12... [0021] AGENT-BEGIN: and AGENT-END: callouts [0022] CGI: and DICT: callouts [0023] /DO=DCL=PROCTOR=APPLY [0024] /DO=DCL=PROCTOR=LOAD [0025] /DO=NET=LIST [0026] /DO=NET=PURGE=HTTP1 [0027] /DO=NET=PURGE=HTTP2 [0028] logging 'XX:blb' visual aid [0029] AdminPing() provides a baseline RTT for request processing [0030] SET proxy=rework= (replacement strings for response) [0031] SET response=var=asis (provide exact image of on-disk file) [0032] SET webdav=all (process all requests via WebDAV code) [0033] SET webdav=auth (authorise access using WebDAV SETings) [0034] metacon webdav:all (SETing of above) [0035] metacon webdav:auth (SETing of above) [0036] pass /whatever "200 $" executes CLI command [0037] !#-- and !#++ selectively disable/(re)enable WATCH reporting [0038] [ServiceConnect] respond to a connection on a port [0039] WATCH: proctored script by checking only [x]Script [0040] OdsFileAcpInfo() ATR$C_MODDATE (date-time *data* modified) [0041] supplements ATR$C_REVDATE (classic revision date-time) [0042] callout HTTP-STATUS: detect if a script has responded yet [0043] DavWebRequest() specifically handle WebDAV GET and HEAD [0044] DavMetaOds() ensure extended syntax only used ODS-5 volumes [0045] AuthAccessEnable() file access use (rqptr->WebDavRequest || [0046] rqptr->WhiffOfWebDav || rqptr->rqPathSet.WebDavAuth) [0047] AuthParseAuthorization() return AUTH_DENIED_BY_LOGIN [0048] if unknown scheme allowing 401 response rather than 403 [0049] FaoBigNumber() '&,' optionally numbers 'P', 'G', 'M', 'k' [0050] SesolaMkCertRetain() stores dynamic cert in process logical [0051] WatchData() and WatchDataDump() constrain length [0052] NetListFor() use of $BRKTHRU requires OPER privilege [0053] bugfix; Http2Supervisor() idle connection [0054] bugfix; SesolaNetIoRead() /bytes = value/ [0055] bugfix; FileBegin() ERROR_REPORTED() free file task [0056] bugfix; CliDemo and instance environment number (per KM) [0057] bugfix; CgiGenerateVariables() "AUTHAGENT hangs when called [0058] for a POST request" (per JPP) [0059] bugfix; DclCalloutDefault() CLIENT-READ: [0060] bugfix; AdminMenu() activity hours 672 [0061] bugfix; MapOdsAdsVmsToUrl() "if (SAME2(cptr,':['))" [0062] bugfix; OdsDirectSearch() appending the resultant file name [0063] to the pre-filled expanded name [0064] bugfix; DavMetaCreateDir() and DavMetaDeleteDir() [0065] allow for non-existant meta data files [0066] bugfix; DavMetaName() no meta directory [0067] bugfix; ErrorReportFooter() use request heap for signature [0068] 17-AUG-2020 MGD v11.5.1, [0069] Http2RequestData() reduce memory consumption [0070] HTTP2_DEFAULT_WINDOW_SIZE from 1048575 to 131070 [0071] if no service configured create http: and https: ex nihilo [0072] VmCheckPgFlLimit() and WASD_VM_PGFL_LIMIT logical name [0073] keep connect cert (->VerifyPeer) distinct from client cert [0074] bugfix; ProxyEnd() fix NetIoEnd() fix [0075] bugfix; OdsDirectSearch() if wildcard specification [0076] return RMS$_NMF, otherwise RMS$_FNF (seems so elementary) [0077] bugfix; Http2RequestCancel() cancel and abort [0078] bugfix; RequestEnd() redirection [0079] bugfix; SesolaALPNCallback() 'h2' global and service enabled [0080] bugfix; ControlDoHelp() remove non-existant DISCONNECT=.. [0081] bugfix; RequestExecutePostAuth1() INTERNAL_PASSWORD_CHANGE [0082] should call HtAdminBegin() not AdminBegin() [0083] bugfix; SesolaSNICallback() needs to propagate newly set [0084] context client verify parameters to SSL-specific [0085] bugfix; SesolaNetFree() ensure (sigh) X509_free() where [0086] ->ClientCertPtr associated with connection (i.e. HTTP/2) [0087] bugfix; RequestParseExecute() ensure PUT and DELETE have [0088] WebDAV header field(s) before considering WebDAV [0089] 22-JUL-2020 MGD v11.5.0, "Stay well..." [0090] static fallback cert replaced by dynamic SesolaMkCert() [0091] protocol "HTTP/2" also reported in standard log formats [0092] DavWebRequest() remove requirement for logical name [0093] WASD_HTTP2_WEBDAV after WebDAV over HTTP/2 tested [0094] NetIoQioMaxSeg() tune QIO to TCP MSS [0095] verified against VSI SSL111 product [0096] SET response=csp= ("content-security-policy:") [0097] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [0098] SET response=cspro= ("..policy-report-only:") [0099] metacon alpn: (TLS application level protocol negotiation) [0100] metacon proctor: (obvious proctored script clause) [0101] DCL callout CSP: ("content-security-policy:") [0102] DCL callout CSPRO: ("..policy-report-only:") [0103] REGEX.C updated (ever-so-slightly) [0104] more proxy persistent connection (per JPP) [0105] RequestAbort() accomodates HttpdSupervisor() refinement [0106] and REQUEST_STATE_ABORT used throughout server [0107] Http2RequestData() delivers Http2RequestCancel() read AST [0108] NetTestSupevisor() and WASD_NET_TEST_BREAK logical name [0109] bugfix; ProxyEnd() free ioptr using NetIoEnd() [0110] bugfix; NetIoWriteStatus() and NetIoReadStatus() [0111] bugfix; RequestPersistentConnection() pipelined request [0112] bugfix; Http2RequestData() flow control [0113] bugfix; SesolaClientCertGet() SSL_VERIFY_POST_HANDSHAKE [0114] bugfix; httpd.c if (!CliDemo) HttpdGblSecInit(); [0115] bugfix; MetaConConditionalList() bu**ered [0116] bugfix; RequestProcessFields() DictLookup (.."accept"..) [0117] bugfix; SesolaCertExtension() BIO_NOCLOSE memory leak [0118] bugfix; CacheLoadEnd() free rqCache.ContentPtr on fail [0119] bugfix; DICT.C "tmptr && tmptr->clink.." [0120] bugfix; Http2Priority() exclusive bit [0121] bugfix; NetCreateService() only SesolaInitService() once [0122] bugfix; WatchDataDump() CHARS_PER_LINE calculation (sigh) [0123] bugfix; OdsDirectSearch() RMS$_FNF not RMS$_NMF (per JPP) [0124] bugfix; RequestShareBegin() if (!MATCH6 (cptr, "raw://")) [0125] bugfix; SesolaNetClientBegin() SESOLA_SINCE_110 [0126] BIO_set_data() before SSL_set_bio() (per JPP) [0127] bugfix; AdminParsePath() extraneous OdsParseRelease() [0128] bugfix; OdsDirectSearch() only if not already on the block [0129] boundary add one to get to next, otherwise already there! [0130] 20-JUL-2019 MGD v11.4.0, "One small step ..." [0131] 25th Anniversary Release (see 20-JUN-1994 below) [0132] adapt WatchSystemPlus() to allow use via CLI /SYSPLUS [0133] then dignified with a (sysPlus..()) module of its very own [0134] /OUTPUT= (in particular for /SYSPLUS) [0135] HttpdSupervisor() explicitly WatchEnd() [0136] Sesola_netio_read() and Sesola_netio_write() if connection [0137] broken (channel zero) return zero (SSL shutdown) [0138] SET response=200=203 for request tracking and log analysis [0139] ResponseHiss() response status changed from 403 to 203 [0140] status code 418 (teapot) forces connection drop [0141] allow a specified port when redirecting, i.e. http[s]//:nnn [0142] Sesola_netio_read_ast() 0 status TCP/IP Services? [0143] Sesola_netio_write_ast() 0 status TCP/IP Services? [0144] bugfix; SesolaClientCertGet() status 0 an issue [0145] bugfix; SesolaClientCertGet() if (value <= 0) break; [0146] bugfix; CgiOutput() Content-Length: strtoul() [0147] bugfix; SesolaClientCert() allow pattern per 25-AUG-2015 [0148] bugfix; SesolaCertExtension() storage reset [0149] bugfix; SesolaCertParseDn() regression (or whatever) [0150] bugfix; Http2NetQueueWrite() PEEK_8 at w2ptr->type [0151] bugfix; non-local without "Host:" use name not host:port [0152] bugfix; Http2RequestEnd() copy tally rx/tx to request [0153] bugfix; OdsDirectSearch() (uint)0xffff && rlen < 508) [0154] bugfix; AuthCompleted() and AuthNotComplete() to address [0155] AST delivery following request end and rundown [0156] bugfix; for bugfix StringSliceValue() kludge [0157] allow for DECnet connection string specified username [0158] bugfix; DavMetaDir() ACCVIO from !SAME2(mfdptr,'[.') [0159] 24-NOV-2018 MGD v11.3.0 [0160] verified against OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0161] TLSv1.3 operational [0162] verified against EXPAT v2.2.5 (for WebDAV purposes) [0163] (but reverted to v2.0.1 for final VAX WASD release) [0164] VM.C eliminate dynamic tuning of heap initial allocation [0165] and rework to allow detailed memory management statistics [0166] to be compiled into the runtime for development purposes [0167] ODS (FILES-11) directory parser [0168] WatchSystemPlus() et.al. for system troubleshooting [0169] RequestBegin() exit after consecutive SesolaNetBegin() fails [0170] DavWebRundown() explicitly abort WebDAV processing [0171] allow logical name content during one-to-one rule mapping [0172] refactor WatchWrite() using NetWriteBuffered() [0173] DclTaskRunDown() always use DclEmptySysOutput() [0174] [BufferQuotaDclOutput] BUFQUO value for SYS$OUTPUT mailbox [0175] refactor Http2RequestCancel() into Http2RequestCancelRead() [0176] and Http2RequestCancelWrite() [0177] ProxyRequestRebuild() proxy-authorization opaque: [0178] ProxyTunnelLogicalName() WASD_TUNNEL_SECONDS [0179] RequestGet() and ProxyTunnelNetReadAst() provide [0180] "X-Forwarded-For:" client host to proxied-to server [0181] /DO=REQUEST=RUNDOWN=.. [0182] /DO=ZERO=STATUS [0183] /DO=SSL=SERVICE=LOAD[=] no longer works [0184] SET response=var=crlf [0185] SET response=var=lf [0186] SET response=var=none [0187] bugfix; PutWriteFileOpen() override incompatible existing [0188] file characteristics by first erasing the file [0189] bugfix; seeming innumerable WebDAV fixes (some obvious, [0190] some obscure) many thanks to John Dite for his patience and [0191] persistence in finding and reporting anomalous behaviours [0192] (check the individual DAV...C modules for descriptions) [0193] bugfix; StringSliceValue() kludge for DECnet tasks [0194] bugfix; MetaConEvaluate() "webdav:MSagent" [0195] bugfix; DavWebMicrosoftDetect() before ->WebDavTaskPtr [0196] bugfix; X509_free() memory leak with ->ClientCertPtr [0197] bugfix; Http2NetIoWrite() blocking write data must be [0198] asynchronously persistent so employ internal buffer(s) [0199] bugfix; /DO=AUTH=SKELKEY=.. cluster wide (yet again :-) [0200] bugfix; SESOLA-OpenSSL memory leak at v11.0.0 [0201] bugfix; FileParseAst() regression with search list file [0202] bugfix; RequestRundown() allow for cache activity [0203] bugfix; WatchDataDump() CHARS_PER_LINE calculation [0204] bugfix; (longstanding) MapUrl__Map() multiple template [0205] wildcards when reverse mapping [0206] 01-MAR-2018 MGD v11.2.0 [0207] make WATCH item width flexible using initial value 6 digits [0208] with leading 3 digits HTTP/2 stream ID followed by 3 digits [0209] connection ID number and on overflow increment by 2 [0210] if |WASD_ENV| defined use that in absence of /ENV=.. [0211] Dav..() always DavWebEnd() not RequestEnd() [0212] WebDAV "authorisation" allowed to be EXTERNAL or OPAQUE [0213] RequestRundown() outstanding task sanity checks [0214] HttpdSupervisor() refactored timeout handling [0215] ProxyTunnelLogicalName() and WASD_TUNNEL to provide client [0216] host and port tunnel data available to the WASD system [0217] activated by SET..PROXY=FORWARDED=[FOR|ADDRESS] [0218] logging 'II' image information (file, version, link time) [0219] logging 'TI' request time in ISO 8601 extended format [0220] logging 'TS' (sortable) UTC request time ISO 8601 format [0221] logging 'TU' request time UTC (GMT) now synonym for 'TG' [0222] stamp (note) log events when common/combined with/without+ [0223] SET DIR=TITLE=[default|owner|remote||this=] [0224] /DO=HELP brief summary of command-line /DOs [0225] /DO=SSL=SERVICE=LOAD[= (re)load SSL context [0226] (/DO=SSL=CERT=LOAD is now implemented using this) [0227] /DO=STATUS report basic status of all instances [0228] /DO=STATUS=NOW instances immediately update status information [0229] /DO=STATUS=PURGE zero stale instance status information [0230] /DO=STATUS=RESET zero instance status information [0231] /NOTE= annotation to server process log [0232] refactor WatchEnd() (yet again) [0233] DclInit() do not adjust SYS$OUTPUT mailbox size when HTTP/2 [0234] is enabled, issue an informational as required [0235] DclMemBuf..() memory buffer script IPC (see DCLMEMBUF.C) [0236] callout BUFFER-BEGIN: [0237] callout BUFFER-END: [0238] callout BUFFER-WRITE: [0239] SesolaReport() allow reporting using an HTTP service [0240] CgiOutput() refine Content-Length: to report out-of-range [0241] CgiOutput() reject subsequent non-header [0242] WatchReport() move SSL item into Network group [0243] WatchShowCluster() and WatchShowSystem() VMS V6.2 obsolete [0244] bugfix; (longstanding) InstanceSocketForAdmin() sys$deq() [0245] bugfix; Http2..() window update and flow control management [0246] bugfix; logging 'BB' header length "lost" during HTTP/2 mods [0247] bugfix; nil content CGI responses not delivered [0248] bugfix; (long-standing) always use UpdEnd() not SysDclAst() [0249] bugfix; CgiGenerateVariables() [0250] |rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&| [0251] 09-AUG-2017 MGD v11.1.1 [0252] relax HTTP/2 "rabbit hole" to permit WATCHing except [0253] for items [x]HTTP/2, [x]SSL and [x]network [0254] /INSTANCE=CONFIG ensures config values used [0255] SesolaClientCertRenegotiate() allow for pre- and post- [0256] OpenSSL 1.1.0 due to MSIE11 (Edge) stalling on a read [0257] after renegotiation (pre reverts to v11.0 and earlier code) [0258] SesolaInitService() when SSL_CTX_set_tmp_dh_callback() is [0259] enabled (DH_PARAM_*.PEM files present) ensure flag [0260] SSL_OP_CIPHER_SERVER_PREFERENCE is implicitly set [0261] MapUrl_GuaranteeAccess() mapping as well as authorisation [0262] Authorize() move AuthorizeGuaranteeAccess() up-front to [0263] ensure access to guaranteed paths not only with failure [0264] StringSliceValue() allow quote-delim inside space-delimited [0265] bugfix; rationalise as OpenSSL_version[_num]() becomes [0266] confused catering for OpenSSL v1.0.2 && v1.1.0 && v1.1.1 [0267] bugfix; HttpdSupervisor() do RequestRundown() only the once [0268] bugfix; DclCalloutDefault() NOTICED: and OPCOM: responses [0269] bugfix; DclScriptProctor() request is not actually "!!*!" [0270] bugfix; HpackHeadersFrame() use ":authority" pseudo-header [0271] for "Host:" header according to RFC7540 8.1.2.3 [0272] bugfix; SesolaCertExtension() generate UPN independently [0273] for each of pre- and post- OpenSSL 1.1.n [0274] bugfix; SesolaClientCertConditional() 'IS' processing [0275] bugfix; SesolaClientCertRenegotiate() allow for low-level [0276] (i.e. SSL) I/O errors (e.g. link disconnection) [0277] bugfix; LoggingDo() 'SR' silliness from v11.0 rework [0278] bugfix; MapUrl_ExplainPathSet() response=header=add=.. [0279] bugfix; for HTTP/2 (sigh) we need NPH to generate a header [0280] bugfix; session ticket key refresh (must be one of those...) [0281] 04-MAY-2017 MGD v11.1.0, [0282] "Raw"Socket based on WebSocket infrastructure [0283] [DclScriptProctor] * general idle process(es) [0284] [ServiceRawSocket] enables a RawSocket [0285] [ServiceSSLcert] specification can contain wildcard(s) [0286] SET proxy=header=[=] [0287] logging 'CL' insert request content-length [0288] logging 'PL' insert PUT or POST body received count [0289] Sesola..() refinements for OpenSSL v1.1.1 and TLS 1.3 [0290] sesola.h |#include "openssl/rand.h"| to fix OpenSSL v1.1.0 [0291] static link error against rand_bytes() and rand_seed() [0292] SesolaNetThisIsSSL() allow redirection to include scheme [0293] /DO=SSL=CERT=LOAD ... basically for internal use only! [0294] (heads-up: planned Let's Encrypt CME utility :-) [0295] Graph..() activity graphic now implemented using HTML5 canvas [0296] ResponseHeader() ensure non-printables cannot be injected [0297] InstanceSessionTicketKey() rework multi-instance/cluster [0298] (sigh! yes again; the lack of a test cluster these days) [0299] DirDirectories() do not list "hidden" (^.the.DIR) directories [0300] bugfix; use rqHeader.RequestBody.. for body with header [0301] bugfix; DclScriptProctor() v11.0 request structure [0302] requires dictionary and netio structures [0303] bugfix; SesolaNetIoRead() SSL_read() in-progress [0304] bugfix; Http2RequestEnd() end-of-request (control) frame [0305] independent of request itself [0306] bugfix; Http2NetQueueWrite() and Http2NetWriteDataAst() [0307] blocking writes are not placed on the request's [0308] write list as they are transparent to the request [0309] bugfix; Http2NetQueueWrite() deliver via NetIoWriteStatus() [0310] using SS$_NORMAL (HTTP/2 I/O) not the request ->VmsStatus [0311] bugfix; SesolaControlReloadCA() do not proactively [0312] X509_STORE_free() (leaves a dangling pointer?) [0313] bugfix; SesolaSNICallback() port elimination [0314] bugfix; RequestExecutePostCache() keyword redirection count [0315] 25-AUG-2016 MGD v11.0.2, [0316] Http2RequestBegin() ensure stream ident not reused [0317] increase MAX_REQUEST_HEADER from 16384 to 32768 [0318] InstanceSessionTicketKey() rework multi-instance rotate [0319] CgiGenerateVariables() mitigate httpoxy vulnerability [0320] MsgConfigLoadCallback() make [ismap] optional [0321] ParseCommandInteger() accept just an integer [0322] CLI /INSTANCE= now sets global section |InstanceMax| [0323] to allow the created process to continue to exist and when [0324] used needs to be reset with the likes of /INSTANCE=1 [0325] minimum supported OpenSSL version is now v1.0.0 [0326] which precludes HP SSL V1.4 (at least) [0327] OpenSSL v1.1.0 required code changes including [0328] #if (OPENSSL_VERSION_NUMBER < 0x10100000L) in Sesola..() [0329] modules, and introducing a version dependent build [0330] SesolaClientCertRenegotiate() rework due to OpenSSL v1.1.0 [0331] ResponseHeader() ->rqCgi.ScriptControlHttpStatus will allow [0332] an error reporting script to override the original status [0333] CGI Script-Control: X-http-status= [0334] %SSL-x-STRICT (RFC6797) now described as %SSL-x-STRICT, HSTS [0335] bugfix; Http2RequestData() always deliver via NetIoReadAst() [0336] bugfix; HpackHeadersFrame() uncompressed header size [0337] bugfix; CgiGenerateVariables() names from dictionary [0338] bugfix; MetaConEvaluate() request: regression [0339] bugfix; RequestProcessFields() if-range: regression [0340] bugfix; MetaConEvaluate() client_connect_gt: regression [0341] bugfix; SesolaClientCert() move X509 RENEGOTIATE switch [0342] HTTP/2 to HTTP/1.1 after SSL_get_peer_certificate() [0343] 30-JUN-2016 MGD v11.0.1, [0344] meta config [[wasd*n.n.n]] server version conditional [0345] [SSLsessionLifetime] session ticket (or ID) lifetime [0346] [SSLverifyPeerDataMax] see documentation [0347] [ServiceSSLsessionLifetime] per-service equivalent [0348] [ServiceSSLverifyPeerDataMax] per-service equivalent [0349] [SSLsessionCacheMax] default (of zero) now disables [0350] in favour of the more efficient Session Ticket [0351] SesolaSessionTicket..() refresh and coordinate the [0352] TLS session ticket key cluster-wide using the DLM [0353] InstanceSupervisor() refresh session ticket key at midnight [0354] RequestGblSecUpdate() method and URI only printable chars [0355] ProxyTunnelRequestParse() append mapped path for logging [0356] DirFiles() and DavPropSearchAst() ignore ambiguous file [0357] names containing an escaped ("^.") period but no type [0358] ErrorRedirectQueryString() ERROR_URI variable [0359] bugfix; MapOdsUrlToOds5Vms() URLs will not contain [0360] '^'-escaped sequences so just '^'-escape them [0361] bugfix; SesolaClientCertRenegotiate() ensure request [0362] data cleared before renegotiate ([SSLverifyPeerDataMax]) [0363] bugfix; DclTaskRundown() cancel HTTP/2 client read [0364] bugfix; HttpdSupervisor() accumulate proxy accounting data [0365] bugfix; RequestEnd2() decrement processing rx or (SSH) method [0366] bugfix; RequestEnd2() read status OK -or- ENDOFFILE [0367] bugfix; HpackHeadersFrame() multiple to single cookie header [0368] bugfix; MetaConEvaluate() request-scheme: regression [0369] bugfix; NetWrite() response header write error handling [0370] bugfix; SesolaClientCert() just return status [0371] 07-MAY-2016 MGD v11.0.0, [0372] HTTP/2 (RFC7540, RFC7541) [0373] restructure network I/O abstractions (oh boy!) [0374] key-value dictionary (associative array) abstraction [0375] add "Refresh [integer] Seconds" to appropriate reports [0376] ProxyFtpListOutput() update in line with directory listing [0377] SET dict[=[=]] [0378] SET http2=protocol=1.1 [0379] SET http2=send=goaway[=] [0380] SET http2=send=ping [0381] SET http2=send=reset[=] [0382] SET http2=write=[low|normal|high] [0383] metacon dict:, http2: and request-protocol: [0384] [HTTP2..] global configuration [0385] [TimeoutHttp2Idle] [0386] logging 'DI' insert specified dictionary item value [0387] /DO=HTTP2=PURGE[=] [0388] ensure timed-out requests are logged as 408/500 [0389] excise much of the twenty years of reporting HTML cruft [0390] obsolete ismap.c, filedot.c, menu.c and track.c functionality [0391] 22-APR-2016 MGD v10.4.3 (unreleased), [0392] logging 'NP' insert notepad value [0393] logging 'XX' insert custom site/client-specific datum [0394] SET sslcgi=apache_mod_ssl_client [0395] SET sslcgi=apache_mod_ssl_extens [0396] LoggingDo() MAX_FAO_VECTOR from 64 to 128 [0397] SSL_CTX_set_ecdh_auto() set elliptic curves selection [0398] SesolaTmpDHCallback() improve DH*.PEM flexibility [0399] SesolaCertExtension() parse X509 extensions [0400] SesolaCertName() parse X509 distinguished name [0401] SesolaCgiVariablesExtension() document X509 extensions [0402] SesolaReport() list certificate extensions [0403] [ru:/CN=] allows multiple to be selected between [0404] (e.g. "[ru:/CN=user*]", "[ru:/CN=^^\[^/=\]*$]") [0405] SesolaCertParseDn() strncmp() not strsame() [0406] SesolaCertParseDn() select on pattern match [0407] StringMatchAndRegex() ensure |rqptr| not needed [0408] add limit to consecutive failures on persistent connection [0409] remove limit to consecutive requests on persistent connection [0410] TcpIpAddressToString() IPv4 in IPv6 as ::FFFF:n.n.n.n [0411] bugfix; ResponseHeader() for HEAD request transfer-encoding [0412] chunked suppress actual chunked body (RFC 7230 3.3) [0413] bugfix; SesolaInit() session cache max -1 disables cache [0414] bugfix; LoggingDo() elapsed time items [0415] bugfix; LoggingDo() 'CC' do not reuse pointers! [0416] bugfix; LoggingDo() 'VS' |->ServicePtr| dereference [0417] 15-AUG-2015 MGD v10.4.2, [0418] [ServiceStrictTransSec] (RFC6797) [0419] [SSLstrictTransSec] (RFC6797) [0420] SET response=sts= (Strict-Transport-Security:) [0421] ResponseHeader() Strict-Transport-Security: header [0422] add WATCH "!42*x" to beginning and ending of requests [0423] DavWebRequest() allow bodies with any and no Content-Type: [0424] then in DavWebRequest2() check for XML in the body content [0425] RequestRedirect() always use dynamic buffers [0426] when "remote-addr:" begins '?' translate host to IP address [0427] LoggingDo() add WASD_LOGS "convenience" logical name [0428] disable kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0429] as the issue seems to have been fixed in OpenSSL v1.0.2c [0430] logical name WASD_REDIRECT_WILDCARD must be defined [0431] to enable "DNS wildcard" proxy redirection [0432] bugfix; [Cli]ParseCommand() parenthesis parsing [0433] bugfix; Request..() rework pipelined request handling [0434] bugfix; move supervisor PID from InstanceNodeSupervisor() [0435] to InstanceNodeSupervisorAst() [0436] bugfix; DavWebDestination() URI and URL (Total Commander) [0437] bugfix; Error..() earlier and broader detection of WebDAV [0438] bugfix; DavDeleteParse() enable access around OdsParse() [0439] bugfix; DavMoveMeta() do not report RMS$_DNF [0440] bugfix; FaoSAK() sdptr = StrDscBuffer(StrDscPtr); [0441] bugfix; DavXmlStartElement() PROPFIND accumulate list of [0442] dead properties subsequently searched for in the metadata [0443] bugfix; MapUrl_ExplainPathSet() ->ResponseChunked [0444] bugfix; CONFIG_SERVER_LOGS logical names precede fixed locale [0445] 12-FEB-2015 MGD v10.4.1, [0446] ProxyResponseRebuild() and ProxyRequestRebuild() provide [0447] timeout=n parameter with Keep-Alive: header field (some [0448] origin servers hang when no parameters supplied, per JPP) [0449] SesolaInitOptions() expand options keywords to include [0450] most SSL_OP_.. flags using the OpenSSL flag #define as the [0451] keyword minus the "SSL_" (e.g. OP_CIPHER_SERVER_PREFERENCE) [0452] SesolaTmpRSACallback() and SesolaTmpDHCallback() [0453] support for ephemeral keys enabling "forward secrecy" [0454] SesolaInitService() and SesolaInitClientService() [0455] if cipher list begins '+', '-' or '!' append it to default [0456] increase MAX_REQUEST_HEADER from 8192 to 16384 [0457] (proxying requests from Firefox to IIS, per JPP) [0458] kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C [0459] bugfix; RequestEndEnd() use ZERO_DELTA_TIME macro [0460] bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP) [0461] bugfix; ConfigReportSecureSocket() FaoVector[32] [0462] 05-DEC-2014 MGD v10.4.0 [0463] CORS support [0464] /SSL=(TLSvALL,TLSv1.1,noTLSv1.1,TLSv1.2,noTLSv1.2) [0465] removed /SSL=(2|3|23) which must be altered to SSLv2, etc. [0466] NOTE: TLSv1, TLSv1.1, TLSv1.2 now ENABLED by default [0467] SSLv2 and SSLv3 are now DISABLED by default [0468] (as recommended post-POODLE) [0469] MapUrl_ClientAddress() allows for transparent upstream proxy [0470] ResponseStream() and request /stream/ [0471] AuthCacheNeedsReval() so multiple cache entries for the [0472] same credentials do not trigger multiple revalidations [0473] SsiEnd() detect and report non-SSI problem encountered [0474] access log buffer extended from [4096] to [16384] (UMA SAML) [0475] LoggingQuoted() explicitly encode some fields where a raw [0476] quotation mark (URI forbidden) can break a log entry [0477] HttpdExit() sanity check trace after %SYSTEM-F-ASTFLT [0478] stack corruption at (you guessed it) Uni Malaga resulted [0479] in the icb.libicb$v_bottom_of_stack never being set! [0480] tweaks to some accounting fields and values (for WASDmon) [0481] NetCreateService() check bind address string instead of [0482] address to allow binding primary to 0.0.0.0 (INADDR_ANY) [0483] directory default listing style now ed [0484] directory path SET ods=name=utf8 then response charset=utf-8 [0485] directory ?httpd=index&font=[inherit|monospace(D)] [0486] ?httpd=index&style=table[2] [0487] SET client=[forwarded|if=forwarded|literal=|reset| [0488] if=xforwardedfor|xforwardedfor] [0489] SET dir=font=[inherit|monospace(D)] [0490] dir=style=TABLE[2] (new default) [0491] SET cors=age= cors=cred=[true|false] [0492] cors=expose= cors=headers= [0493] cors=methods= cors=origin= [0494] SET ods=name=8bit, ods=name=utf8, ods=name=default [0495] SET webdav=[no]hidden [0496] webdav=meta=dir= [0497] [SecureSocket] and [SSL...] (overridden by /SSL=) [0498] [WebDAVmetaDir] sub or full directory for meta files [0499] WedDAV configurable metadata (sub)directory [0500] AuthAccessCheck() add explicit check against server [0501] account to improve reporting of underlying access [0502] User-defined logging directives 'CI', 'SR', 'SV' for [0503] SSL cipher, session reuse and version items [0504] COMMON+, COMMON_SERVER+, COMBINED+ composite log formats [0505] X-record0-mode[=0|1] and associated CGI null-record mode [0506] bugfix; and refine DirFormatSize() [0507] bugfix; SSLv23_method() appears to be a Swiss-army knife [0508] significant rework of SSL version configuration [0509] bugfix; TcpIpCacheAddressToName() memcpy null char [0510] bugfix; DavMetaOpenAst() retry after meta directory creation [0511] bugfix; DavPropEnd() ensure unused meta-data file deleted [0512] bugfix; MapOds5VmsToUrl() et.al. allow for ".][" [0513] bugfix; SAME3 0x00ffffff mask (not 0xffffff00) [0514] bugfix; DirFormatAcpInfoAst() ThisIsADirectory = false; [0515] bugfix; DavWebCreateDir() set SYSPRV access, propagate rest [0516] bugfix; PutWriteFileOpen() WebDAV should not use default [0517] protection mask and instead propagate from profile [0518] bugfix; FileParseAst() allow for non-dir .DIR files [0519] bugfix; RequestRedirect() allocate using (possibly expanded) [0520] header length (not fixed) when allocating POST buffer [0521] bugfix; PROXY.C no $QIO buffer should exceed 65535! [0522] 06-OCT-2013 MGD v10.3.0 [0523] TLS1 Server Name Indication (SNI) extension [0524] /SSL= parameter options rework (plus new mnemonic options) [0525] SesolaNetClientBegin() include SNI before connect [0526] PutWriteFileOpen() support FAB$C_STM and FAB$C_STMCR [0527] DclMailboxAcl() allow usernames without associated [0528] identifiers (i.e. shared UICs) by first trying with the [0529] username and on failure getting the UIC and using that [0530] FaoUrlEncodeTable tilde from "%7e" to "~" (cadaver issue) [0531] GzipInit() ZLIB shareable image via logical names [0532] WASD_LIBZ_SHR32, then GNV$LIBZSHR32, finally LIBZ_SHR32 [0533] PersonaAssume() wrap sys$persona_create() with SYSPRV [0534] after modifications to DclMailboxAcl() to allow usernames [0535] without associated identifiers (i.e. shared UICs) [0536] authorisation realm read-only group can be specified as "*" [0537] to represent that "everyone else" can read [0538] ProxyResponseRebuild() additional header length bumped [0539] from an ambit 256 to an ambit 1024 (Uni Malaga :-) [0540] OdsNamBlockAst() on non-ODS_EXTENDED platforms (i.e. VAX) [0541] tease-out system file name from Nam.nam$l_name and [0542] Nam.nam$l_type into odsptr->SysFileName buffer [0543] historically used by ODS-5 and munge for ODS-2 as well [0544] .WWW_WASD directory directive file [0545] sortable directory listing [0546] ?httpd=index&ilink=[yes|no] [0547] ?httpd=index&override=[yes|no] [0548] ?httpd=index&query= (.WWW_WASD specific) [0549] ?httpd=index&style= [0550] ?httpd=index&sort=[+|-] [0551] ?httpd=index&target= [0552] ?httpd=index&these=[,] [0553] ?httpd=index&versions=|* [0554] SET dir=delimit= [0555] SET dir=[no]ilink [0556] SET dir=style=sort (plus the dir=style=2) [0557] SET dir=sort=[+|-] [0558] SET dir=target= [0559] SET dir=these=[,] [0560] SET dir=versions=|* [0561] SET put=rfm=[STM|STMCR|UDF] added to FIX512,STMLF [0562] "upstream-addr:" conditional [0563] [AuthRevalidateLoginCookie] obsolete (in favour of ...) [0564] rqptr->AuthRevalidateCount to track empty authentication [0565] prompts preceding potential redundant revalidation prompt [0566] [PutBinaryRFM] add STM and STMCR [0567] [ServiceNonSSLRedirect] |[:] [0568] some refinements to Upd..() layout and functionality [0569] refine HTML and bring a little more up-to-date [0570] AUTH_MAX_USERNAME_LENGTH bumped from 47 to 64 for X509 [0571] FileAcpInfoAst() '$.' file extension kludge [0572] bugfix; AuthConfigLoadCallBack() additional [AuthProxy] [0573] with intervening rules should reset proxies [0574] bugfix; FileResponseHeader() "?httpd=content&type=" decoded [0575] bugfix; MapOds..() identify MFD using "000000]" and "000000." [0576] bugfix; AuthVmsGetUai() interaction of logon= parameters [0577] bugfix; UpdFileRename() ACCVIO with AuthAccessEnable() [0578] bugfix; RequestParseAndExecute2() remove reset of [0579] request persistent flag from OPTIONS and DELETE [0580] bugfix; SesolaInitService() (or refinement) [0581] SSL_CTX_set_session_id_context() against each service [0582] bugfix; DirFormatSize() bytes [0583] bugfix; OdsParseTerminate() on non-ODS_EXTENDED platforms [0584] (i.e. VAX) reset .nam$b_esl to changed expanded length [0585] or it can generate RMS$_ESL errors [0586] bugfix; DavPropSearchAst() on non-ODS_EXTENDED platforms [0587] (i.e. VAX) reset .nam$b_rsl to changed resultant length [0588] or it can generate RMS$_RSL errors [0589] bugfix; non-ODS_EXTENDED platforms (e.g. VAX) must [0590] OdsParse() NAM$M_NOCONCEAL before OdsSearchNoConceal() [0591] bugfix; MapUrl__Map() reverse mapping wildcard copy [0592] bugfix; CgiGenerateVariables() AUTH_GROUP write/read status [0593] bugfix; AuthClientHostGroup() wildcard match result reversed [0594] bugfix; ProxyResponseRebuild() call ProxyRebuildLocation() [0595] can return a pointer to the original location! [0596] bugfix; SesolaInit() translate WASD_SSL_CIPHER logical name [0597] 09-NOV-2012 MGD v10.2.0, [0598] TOKEN authorisation [0599] request header DNT (do not track) [0600] set ProxyReadBufferSize to 64k (per JPP) [0601] allow (proxy) ResponseBufferSize to be >= 64k (per JPP) [0602] HttpdSystemInfo() $GETSYIW() CsidVersion treat status [0603] SS$_UNREACHABLE as non-fatal and fallback to 16 byte LVB [0604] DIGEST.C numerious tweaks up to RFC2069 [0605] [AuthTokenEntriesMax] for token authorisation [0606] bugfix; HTAdminModifyUser() use database name for digest [0607] bugfix; AuthorizeResponse() digest scheme [0608] bugfix; AuthVmsGetUai() logon= fall through [0609] bugfix; DclSysOutputAst() WebSocket wrt agent [0610] bugfix; WebSockEnd() do not NetCloseSocket() [0611] bugfix; (at least improve) caching of group write/read [0612] bugfix; SesolaParseCertDn() return NULL if record not found [0613] bugfix; AuthorizeGroupWrite() with cached entries! [0614] bugfix; AuthReadSimpleList() parameter /DIRECTORY= processing [0615] 28-APR-2012 MGD v10.1.1, [0616] RequestGet() no longer report 408 for unused connections [0617] RequestEndEnd() likewise ignore unused connections (Chrome) [0618] MetaConLoad() compress non-signficant white-space [0619] proxy WebSocket upgrade requests as raw tunnels (kludge) [0620] DclRestartScript() refine WebSocket handling [0621] DirFormatSize() now uses quadword [0622] DirFormatSize() adjusts units to fit size width [0623] MATCH0..8() macro to improve efficiency over memcmp() [0624] SAME1..4() macro to abstract the *(USHORTPTR)s, etc. [0625] bugfix; RequestBegin() remove RequestEnd() following failed [0626] SesolaNetBegin() resulted in redundant request rundown [0627] bugfix; SesolaNetAccept() initialise value=0 [0628] bugfix; SesolaNetRead() SSL state not SSL_ST_OK [0629] bugfix; SesolaNetWrite() SSL state not SSL_ST_OK [0630] bugfix; DavWebMicrosoftMunge2() token reprocessing [0631] bugfix; FileAcpInfoAst() SS$_BADPARAM >2GB <4GB (per JPP) [0632] bugfix; WebSockCloseMailboxes() logic [0633] bugfix; DclScriptProcessCompletionAST() don't WebSockClose() [0634] any WebSocket request currrently associated with the task [0635] bugfix; RequestEndEnd() '->WebSocketCount' already locked [0636] 06-NOV-2011 MGD v10.1.0, [0637] dragged kicking and screaming to VMS V7.0 base build [0638] Web Socket (HTML5) support [0639] Secure Sockets default to SSL v3 and TLS v1 (no more SSL v2) [0640] SET cache=[no]cookie [0641] SET map=uri [0642] SET proxy=chain=cred= [0643] SET proxy=tunnel=request= [0644] SET regex= [0645] SET response=HTTP=original [0646] SET service= [0647] SET notimeout (short-hand for timeout=none,none,none) [0648] SET websocket= [0649] "origin:" conditional [0650] "request-peek:" conditional [0651] "upgrade:" conditional [0652] "websocket:" conditional [0653] [DclScriptProctor] (pro-)activate script/environments [0654] [RegEx] enabled/disabled/ [0655] [ServiceProxyChainCred] down-stream proxy credentials [0656] [WwwImplied] "www." is implied even with virtual services [0657] ("Host:") not beginning with it (ServiceFindVirtual()) [0658] callout LIFETIME: can accept [0659] callout SCRIPT-CONTROL:string (see DCL.C) [0660] logging 'PP' outgoing proxy connection local port [0661] /DO=ALIGN=.. to allow collection and analysis of Alpha and [0662] Itanium alignment fault data using HttpdAlignFault() et.al. [0663] /DO=NET=PURGE[=..] expanded capability [0664] /DO=WEBSOCKET=DISCONNECT[=..] to disconnect WebSockets [0665] /PRIORITY= limit increased from 6 to 15 [0666] SesolaInit() default is SSLv2 off and SSLv3/TLSv1 on [0667] AuthAgentCallout() callout BODY implemented (for PAPI) [0668] MapOdsUrlTo..() consecutive '/' into a single a la Unix [0669] ServiceReportNow() service synopsis [0670] ProxyTunnelChainConnect() chain proxy authorization [0671] ProxyRequestRebuild() chain proxy authorization (BASIC only) [0672] ServiceReportNow() add summary to service report [0673] configuration lines beginning "!#" now allow WATCHable [0674] during mapping and authorisation processing [0675] reworked query string handling based on length [0676] ServiceEntityMatch() processes in-match and if-not-match [0677] CacheSearch() implement request cache control [0678] CacheLoadResponse() checks response header for [0679] "Cache-Control:" directives and adjusts accordingly [0680] CacheLoadEnd() buffer all content-type data [0681] (previous behaviour truncated at ';' or white-space) [0682] MetaConLoad() ensure metacon "lines" are quadword aligned [0683] __unaligned directive added to pointer macros in a [0684] (successful) effort to avoid alignment faults [0685] VM_OFFSET now 8 (quadword alignment) instead of 4 [0686] bugfix; OdsFileExists() parse NAM$M_NOCONCEAL in case of [0687] multi-valued, concealed logical devices and then convert [0688] returned status DNF into the functional equivalent FNF [0689] bugfix; directory listing OdsSearchNoConceal() to [0690] process concealed, multi-value logical device names [0691] bugfix; RequestRedirect() only concat '&' if including query [0692] bugfix; set rule 'CacheSetting' boolean with any CACHE=.. [0693] 02-OCT-2010 MGD v10.0.3, [0694] command-line checks of configuration files [0695] /DO=AUTH=CHECK /DO=CONFIG=CHECK (all configuration files) [0696] /DO=GLOBAL=CHECK /DO=MAP=CHECK /DO=MSG=CHECK [0697] /DO=SERVICE=CHECK [0698] TcpIp6..() functions to resolve IPv6 AAAA records [0699] ProxyRequestParse() improve IPv6 host parsing [0700] bugfix; regression at 10.0.1 with proxy authorization [0701] bugfix; SSL_set_info_callback() not SSL_CTX_set..() [0702] 01-JUL-2010 MGD v10.0.2, [0703] metacon "file:" and "directory:" to probe file-system [0704] SET script=lifetime= [0705] SET put=max= per-path equivalent of [PutMaxKbytes] [0706] SET put=max=* for (effectively) unlimited upload [0707] BODY.C significant rework to function()alise common code [0708] BODY.C improve performance with multiblock of 127 (per JPP) [0709] BODY.C make MultipartContentType(Ptr) a dynamic structure [0710] as Microsoft endeavour to include application data [0711] along with MIME content-type, see ... [0712] http://msdn.microsoft.com/en-us/library/aa338205.aspx [0713] and an example (no kidding!) ... [0714] "application/vnd.ms.powerpoint.template.macroEnabled.12application/x-font" [0715] FileNextBlocks() change QIO file size from long to quad [0716] to cater for files greater than 4GB (4GB+ is limited to [0717] file serving only, no ranges, etc.) [0718] RequestExecutePostCache() UTF-8 decode WebDAV objects [0719] RequestRedirect() support WebDAV "Destination:" field (JPP) [0720] DclAllocateTask() default unconfigured CGIplus lifetime [0721] SsiDoSet() and SsiGetTagValue() allow '$' in variable names [0722] Mapurl_ControlReload() rather than Mapurl_Load() [0723] bugfix; MapUrl_ControlReload() [0724] bugfix; DclUpdateScriptNameCache() run-time pointer [0725] bugfix; OdsNamBlockAst() odsptr->NamFileSysNamePtr [0726] always set to odsptr->SysFileName in case RMS$_FNF, etc. [0727] bugfix; RequestGet() MAX_REQUEST_HEADER (per JPP) [0728] bugfix; allow METACON_TOKEN_INCLUDE for [IncludeFile] [0729] bugfix; MetaConEvaluate() when JustChecking: HTTP header [0730] fields (e.g. "cookie:") [0731] bugfix; DavMetaReadName() and DavMetaWriteName() [0732] allow for typeless file names (e.g. ]AFILE.;) [0733] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0734] $ERASE() if not WebDAV request (access and ownership) (JPP) [0735] bugfix; DavWebSlashlessMunge() enable SYSPRV while [0736] calling OdsFileExists() (per JPP) [0737] bugfix; do not use REDIRECT for WebDAV request error report [0738] bugfix; no new token when refreshing existing lock (per JPP) [0739] bugfix; FileNextBlocks() signed/unsigned comparison [0740] when calculating buffer size on files larger than 2^31 [0741] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms() [0742] include '|' and '%' as ODS-5 escaped characters [0743] bugfix; DirAuthorizationAst() only check access on [0744] non-empty expanded file names [0745] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0746] $CREATE() if not WebDAV request (for access and ownership) [0747] bugfix; FileNextBlocks() signed/unsigned comparison [0748] when calculating buffer size on files larger than 2^31 [0749] bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms() [0750] include '|' as an ODS-5 escaped character [0751] bugfix; DirAuthorizationAst() only check access on [0752] non-empty expanded file names [0753] bugfix; PutWriteFileOpen() ensure SYSPRV enabled before [0754] $CREATE() if not WebDAV request (for access and ownership) [0755] bugfix; DirBegin() "httpd=index&" detection (since v9.3.0) [0756] bugfix; DirEnd() suppress unless RequestEnd() AST [0757] bugfix; SsiDoDcl() report cgi=/script= query string as error [0758] bugfix; UpdBegin() [goto] processing [0759] 01-MAR-2010 MGD v10.0.1, [0760] ProxyFtpListProcessUnix() names with white-space (per JPP) [0761] ProxyResponseRebuild() !"accept-encoding" (per JPP) [0762] make proxy requests subject to throttle (per JPP) [0763] MapUrl__Map() increase some buffer sizes (per JPP) [0764] RequestRedirect() add return length (overflow) check [0765] log format 'HO' request "Host:" field [0766] log format 'RH' any request header (e.g. "RH:cache-control:") [0767] log format 'VS' request virtual service [0768] According to http://www.ietf.org/rfc/rfc2145.txt a server [0769] should respond with the minor HTTP version reflecting its [0770] own compliance rather than the client's provided the [0771] response itself is compliant with the client minor version [0772] (i.e. HTTP/1.0 requests should get HTTP/1.1 in the response [0773] status line - and now implemented by ResponseHeader()) [0774] bugfix; LoggingDo() sys$flush(&RAB) not (&FAB) [0775] bugfix; LoggingDo() initialise (zero) &DummyRequest [0776] bugfix; ProxyMaintInit() use v10orPrev10() for scan (per JPP) [0777] bugfix; ProxyTunnelReadAst() data count tx (per JPP) [0778] bugfix; ConfigAcceptClientHostName() reject [0779] 29-NOV-2009 MGD v10.0.0, [0780] WebDAV 1,2 [0781] AuthAcmeVerifyUser() requires SECURITY privilege to [0782] allow ACME$M_NOAUTHORIZATION for authentication-only [0783] when using WASD_NIL_ACCESS identifier [0784] AuthAcmeVerifyUser() and AuthVmsGetUai() can now use [0785] [AuthSYSUAFlogonType] and/or an optional authorization rule [0786] parameter 'param="logon=.."' to specify the login type [0787] (default is still NETWORK) [0788] AuthRestrictAny() uses a single set of access restrictions [0789] ACME DOI name of '*' indicates use the default of [0790] ACME$LATEST_ENABLED_AGENT_LIST rather than specified DOI [0791] (authentication realm set to the DOI authentication realm) [0792] allow for []-delimited IPv6 addresses as service names [0793] concurrently support v10 and pre-v10 logical names [0794] (use WASD_.. rather than HTTPD$.. and HT_.. logical names) [0795] move WASD process naming schema from "HTTPd:" to "WASD:" [0796] (implies the automatic creation of new rights identifiers) [0797] use STR_DSC and associated StrDsc..() functions [0798] to refine and simplify formatted and buffered output [0799] OdsNameOfDirectoryFile() no longer mandatory that a [0800] directory file actually exists to generate the name [0801] MapUrl_Map()/__Map() now have a REQUEST_PATHSET parameter [0802] (to better decouple file-system mapping and path SETing) [0803] refine loading and mapping of path SETings [0804] add HTTP status filter to WATCH [0805] DclSysOutputAst() if WATCHing DCL and non-CGI-compliant [0806] response continue to end-of-script bit-bucketing output [0807] (DECNET.C code already provides this behaviour) [0808] User-defined log format now includes 'CP' client port [0809] RequestRedirect() allow a redirect to include its own query [0810] string and then concatenate any request query with '&'.. [0811] CgiVariable() optimise single-quotation escaping (JPP) [0812] GzipShouldDeflate() do not compress Shockwave Flash [0813] increase minimum size before compression to 1400 bytes [0814] HttpdExit() add explicit traceback for AXP and IA64 (per JPP) [0815] WATCH script item [0816] (interesting and useful suggestion from Jean-Pierre Petit) [0817] callout WATCH:string (see DCL.C) [0818] CGI variable WATCH_SCRIPT indicates when script WATCHing [0819] SET css= [0820] SET put=max= [0821] SET put=rfm=[FIX512|STMLF] [0822] SET script=agent=as= [0823] SET webdav=... (multiple WebDAV related settings) [0824] [AuthSYSUAFlogonType] specifies NETWORK, DIALUP, etc. [0825] [BufferSizeNetFile] global configuration directive [0826] [BufferSizeNetMTU] global configuration directive [0827] [HttpTrace] global configuration directive [0828] [PutBinaryRFM] global configuration directive [0829] [ServiceLogFormat] a per-service user-defined log format [0830] [ServiceShareSSH] share with (allow proxy to) SSH [0831] [WebDAV...] global configuration directives [0832] "webdav:" conditional [0833] logical name WASD_NO_SYSUAF_ACME disables SYSUAF via ACME [0834] logical name WASD_NO_ACME disables ACME altogether [0835] can't believe it but some PHP script paths are [0836] exceeding a SCRIPT_NAME_SIZE of 128 - bump to 256! [0837] ServiceConfigAdd() use INADDR_ANY if host name lookup fails [0838] NetCreateService() use primary if service IP addr reset [0839] activity report has some major changes (see version log) [0840] AuthorizeResponse() allow agent reason for 403 [0841] bugfix; NetWriteStrDsc() flush all full descriptors [0842] bugfix; NetWriteGzip() ensure buffer size <= 65535 [0843] bugfix; MapUrl__Map() to URL use request ODS not path ODS [0844] bugfix; ServiceConfigFromString() create and use [0845] temporary service structure when generating report [0846] bugfix; FileAcpInfoAst() and CacheAcpInfoAst() [0847] byte-range limit negative offset [0848] bugfix; OdsNamBlockAst() deliver AST with 'AstParam' [0849] (requiring parameter changes to *lots* of AST functions [0850] called by use of OdsParse() and OdsSearch() - bugga!) [0851] bugfix; AuthVmsChangePassword() ensure that [0852] rqAuth.SysUafDataPtr is populated [0853] bugfix; MapUrl__Map() proxy 'fall-thru' [0854] bugfix; ProxyResponseRebuild() proxy->client compression [0855] chunk only for HTTP/1.1 responses and connection [0856] persistence header fields reflect non-chunked GZIP stream [0857] bugfix; HttpdSupervisor() no-progress use ->BytesRaw.. [0858] bugfix; ErrorNoticed() use of 'rqptr' (from 16-NOV-2007) [0859] bugfix; NetRead() redact into DataPtr *not* into [0860] rqNet.ReadBufferPtr (which works until subsequent read :-) [0861] bugfix; DclUpdateScriptNameCache() undo bug from fix of [0862] non-existant problem from 12-APR-2008 (talk about it!) [0863] bugfix; DclUpdateScriptNameCache() copy determined [0864] script invocation method ("@","$","=", etc.) into cache [0865] 15-MAR-2008 MGD v9.3.0, [0866] RequestReport() per-current, per-connection, [0867] per-throttle and per-history [0868] CgiGenerateVariables() suppress SCRIPT_NAME if it is an [0869] empty script name ("/") [0870] RequestGblSecUpdate() include remote user and realm in [0871] request monitor data [0872] callout REDACT: and REDACT-SIZE: [0873] support for request redaction (see DCL.C) [0874] NetRead(), RequestRedact(), RequestEnd() redact support [0875] callout NOTICED: (and auth agent NOTICED) [0876] callout OPCOM: (and auth agent OPCOM) [0877] auth agent callout SCRIPT-META [0878] DirBegin() only use query string if it begins "httpd=index&" [0879] RequestExecutePostCache() check again for RequestHomePage() [0880] before final RequestFile() [0881] [ServiceProxyAuth] CHAIN [0882] AUTH_PATH variable for authentication agents [0883] AuthConfigLoadCallBack() do not lower-case path [0884] ProxyRequestRebuild() allow "Proxy-Authorization:" header [0885] only if configured for CHAIN proxy authentication [0886] [SocketSizeRcvBuf] and [SocketSizeSndBuf] [0887] HTADMIN and AUTHHTA modules allow for CONNECT method [0888] ProxyTunnel..() provide for SSL client connections [0889] Server Activity graphing slash-delimitted 'max-requests' [0890] that scales the Y axis allowing finer detail display [0891] authorization realm agent can now be '=agent+opaque' [0892] to suppress the automatic username/password challenge [0893] accounting per-request GZIP compress percentage [0894] RequestRedirect() include response cookie(s) [0895] force ACME on VMS V7.3 and later [0896] [AuthSYSUAFuseACME] obsolete [0897] bugfix; GraphActivityPlotBegin() X axis scaling for [0898] non-integral factors [0899] bugfix; GraphActivityReport() uninitialised 'cptr' before [0900] use in processing '"form"-based query string' [0901] bugfix; AdminMenu() JavaScript doIt() call [0902] bugfix; RequestGet() buggy browser kludge (per JPP) [0903] bugfix; CONNECT proxy authorization [0904] bugfix; AuthCacheGblSecInit() (per JPP) [0905] bugfix; ProxyVerifyGblSecInit() (per JPP) [0906] bugfix; SesolaCacheGblSecInit() (per JPP) [0907] 19-MAY-2007 MGD v9.2.1, [0908] RequestGet() now handles extraneous which [0909] buggy browsers can incorrectly insert after the body [0910] of a valid request (See RFC 2616 section 4.1) [0911] ProxyRequestBegin() restrict HTTP methods for FTP scheme [0912] ProxyFtpLifeCycle() process HEAD as for GET [0913] ProxyResponseRebuild() make request HTTP version a [0914] consideration before chunking proxy->client (with JPP) [0915] RequestExecutePostAuth1() kludge to allow 'implied' scripts [0916] CgiGenerateVariables() provide TRACK_ID if present (for JPP) [0917] bugfix; DclBegin() agent runs under default account [0918] bugfix; MapUrl_Map() auth agent modifying path SETings [0919] bugfix; DirFormatAcpInfoAst() 'S' (size) processing for [0920] block totals at the end of a listing [0921] bugfix; agent mappings using VMS-USER: not being cached [0922] bugfix; GzipDeflateCache() allow for cached CGI header [0923] bugfix; CacheNext() don't adjust GZIP content for CGI header [0924] bugfix; ConfigLoadCallback() post-process sanity checking [0925] for 'NetConcurrentMax' and 'NetConcurrentProcessMax' [0926] bugfix; BodyReadBegin() 413 set status before declaring AST [0927] bugfix; ProxyRequestRebuild() proxy verify [0928] "Authorization:" request header field carriage-control [0929] bugfix; ProxyNetConnectPersist() rejects all further [0930] requests once ProxyConnectPersistMax has been hit [0931] 04-NOV-2006 MGD v9.2.0, [0932] significantly enhance WATCH filtering [0933] added REG_NEWLINE to REGEX_C_FLAGS so that anchors match [0934] newlines in strings to support 'Request' filter in WATCH [0935] access logging now supports an HOURLY period [0936] remove file name length constraint for access logs created [0937] on an ODS-5 volume (allows full host name components, etc.) [0938] ProxyTunnelChainConnect() and ProxyTunnelChainConnectAst() [0939] to implement raw tunnelling through an intermediate proxy [0940] maintenance; there seem to have been some changes in the [0941] underlying TCP/IP Services handling of shared sockets [0942] so NetAcceptAst() set socket share on client and ... [0943] NetClientSocketCcl() to control BG device carriage-control [0944] (to parallel the APACHE$SET_CCL.EXE functionality) [0945] DclCalloutDefault() add GATEWAY-CCL: callout to allow [0946] BG device carriage-control from running script [0947] RequestHttpStatusCode() provides more fine-grained HTTP [0948] response status code accounting (mainly for WOTSUP) [0949] DirFormat() and DirFormatSize() allow in-line layouts to [0950] specify size with VMS format listings, as well as [0951] adding size specification of 'V' (VMS-ish, in blocks) [0952] use PercentOf() and QuadPercentOf() for more accurate and [0953] more consistent percentages [0954] AdminMenu() status panel (time, connect, request) mods [0955] AdminMenu() instance [active][standby] functionality [0956] (service item) network connection [Purge][All] [0957] activity graph; add request peak data [0958] ('network connections' has been masquerading as this) [0959] (also see 'CRAZY' note in GraphActivityReport()) [0960] for authorization add '+=' to realm default syntax for [0961] realm default to be concatenated to any path access [0962] /DO=INSTANCE=ACTIVE|STANDBY [0963] /DO=NET=PURGE[=ALL]|SUSPEND[=NOW]|RESUME [0964] NetPassive() and NetActive() to allow non-supervisor [0965] instances to be made quiescent [0966] NetSuspend() and NetResume() to allow halt and resume [0967] request processing [0968] NetPurge() to remove network connections [0969] increase AUTH_MAX_PATH_PARAM_LENGTH from 127 to 255 [0970] (initially prompted by development of AUTHAGENT_LDAP) [0971] add 'ConnectSuspend', 'InstancePassive', 'LastExitTime64', [0972] 'LastExitPid' and 'ResponseStatusCodeCount[]' to global [0973] section [0974] bugfix; LoggingDo() changes for daily period test [0975] to support hourly logging (thanks again JPP) [0976] bugfix; SsiEnd() propagate included document user variables [0977] back into parent document to ensure they remain *global* [0978] bugfix; GzipShouldDefault() uninitialized 'cptr' when no [0979] content-type would cause WatchThis() "!AZ" to barf if [0980] 'cptr' was non-NULL but pointed into an invalid page [0981] bugfix; NetAcceptProcess() and NetDirectResponse() [0982] should issue 503 for 'too busy', not 502 [0983] bugfix; StringMatchAndRegex() regular expression [0984] 'MatchType' detection prior to pre-match [0985] bugfix; ThrottleReport() column alignment of 'busy' and [0986] 'total' percentages in second row of per-path statistics [0987] bugfix; NetAccept(), NetAcceptAst(), NetAcceptProcess() [0988] nasty problem where multihomed servers 'svptr' confusion [0989] (due to the multihome pointer manipulation) could result [0990] in an attempted re-queue of an accept on a service that [0991] did not correspond to the original accept AST delivery [0992] with the result that no accept ended up being queued [0993] bugfix; ResponseHeader() and NetWrite() accomodate 304 [0994] bugfix; RequestGet() timestamp the event immediately [0995] bugfix; AuthConfigLine() propagate 'RealmCanString' by [0996] making it static storage (doh) [0997] bugfix; MenuFileDescription() status from OdsParse() [0998] bugfix; StmLfLog() -E- to -I- for non-status-value call [0999] 11-MAY-2006 MGD v9.1.4, [1000] 'Proxy affinity' courtesy of Jean-Pierre Petit (esme.fr) [1001] (see PROXY.C for an explanation of what all this means) [1002] enabled per-service using [ServiceProxyAffinity] or [1003] per-path using SET PROXY=[NO]AFFINITY [1004] SesolaCacheInit(), in conjunction with AuthConfigInit() [1005] noting the presence of any X509 realm, automatically [1006] adjusts multi-instance, SSL session cache record size [1007] to accomodate potential client certificate [1008] SesolaInit() added ICACHE=SIZE= and SSL=ICACHE=RECORD= to [1009] allow manual configuration of instance SSL session cache [1010] RequestRedirect() "//:port/path" (i.e. begins with "//:") [1011] allows a redirect to a different port on the same host [1012] increase MapUrl__Map() WildBuffer[] storage to 4096 [1013] increase HOST_STORAGE from 236 to 1004 as an interim [1014] workaround for SS$_ENDOFFILE when storage insufficient [1015] (jpp@esme.fr) - why doesn't it return SS$_RESULTOVF?!! [1016] SesolaCacheInit() if boolean 'AuthRealmX509' indicates X509 [1017] realm is in use then use a larger session cache record [1018] potential bugfix; CgiOutput() CGI_OUTPUT_MODE_CRLF output [1019] count should be checked for zero before negative index [1020] potential bugfix; when URL-encoded decoding use unsigned [1021] char to prevent sign bit issues with the likes of %FC [1022] bugfix; non-SSL SesolaCacheInit() should return not bugcheck! [1023] bugfix; SSL_shutdown() problem reported by JPP [1024] introduce SesolaNetReadAst() and SesolaNetWriteAst() [1025] to defer reset of AST function address used to indicate [1026] AST-in-progress in other parts of the code [1027] bugfix; CgiOutput() empty 'record' in stream mode should be [1028] ignored and not have carriage-control adjusted (JFP) [1029] bugfix; 'RQ' include method (equivalent of Apache "%r") [1030] bugfix; 'EM', 'ES' and 'UE' arithmetic ('doh'!?) [1031] bugfix; DECnetWriteRequestBody() suppress empty record on [1032] end-of-body for OSU (call DECnetWriteRequestBodyAst()) [1033] to prevent it interfering with functionality [1034] bugfix; HttpdTimerSet() TIMER_PERSISTENT (jpp@esme.fr) [1035] bugfix; RequestFields() allow for header lines with no [1036] white-space between field name and value (jpp@esme.fr) [1037] 24-NOV-2005 MGD v9.1.3, [1038] authorization OPAQUE realm to allow a script to completely [1039] generate it's own authentication challenge and processing [1040] bugfix; MapUrl__Map() SCRIPT result copy not checking [1041] for null resulting in occasional overflow error status [1042] bugfix; FileNextBlocks() ensure VARiable record format [1043] files have records read on word (even byte) boundaries [1044] bugfix; AuthConfigProxyMap() set cache record SYSUAF [1045] authentication boolean in tandem with request boolean [1046] bugfix; DclSysCommandAst() allow for the queued [1047] post-CGIplus script STOP/ID=0 and EOF [1048] bugfix; copy sentinals into request storage to prevent [1049] them (potentially) being overwritten by an early call [1050] to DclScriptProcessCompletionAST() [1051] bugfix; ResponseHeader() ensure a charset= supplied with [1052] a text content-type (e.g. from a CGI script) is used [1053] 15-SEP-2005 MGD v9.1.2, [1054] metacon "server-protocol:" as "1.1", "1.0", "0.9" [1055] SET proxy=reverse=[no]auth (jpp@esme.fr) [1056] AuthAcmeVerifyUser() remote IP address to refine intrusion [1057] data and reduce possibility of DOS attack on usernames [1058] support multiple IP addresses in host cache (jpp@esme.fr) [1059] support proxy to origin server failover (jpp@esme.fr) [1060] [ProxyConnectTimeoutSeconds] configures period proxy to [1061] origin server connection is attempted (1-60 seconds) [1062] add selected request data to ErrorNoticed() report [1063] /DO=ZERO=NOTICED to reset 'errors noticed' accounting [1064] refine OPTIONS ResponseOptions() to provide "Allow:" [1065] bugfix; raw proxy tunnelling requires a contrived connect [1066] request in NetRead() to initiate an AST to RequestGet() [1067] bugfix; AuthAcmeVerifyUser() ACME$_LOGON_TYPE requires [1068] IMPERSONATE (DETACH) privilege for VMS V7.3-1 and earlier [1069] bugfix; DECnetOsuDialog() allow CgiOutput() error responses [1070] bugfix; initialize TcpIpHostCacheExpireSeconds (jpp@esme.fr) [1071] 10-JUL-2005 MGD v9.1.1, [1072] [[?]] and service:? to match unknown virtual service [1073] OpenSSL v0.9.8 changed macro name EVP_F_EVP_DECRYPTFINAL [1074] bugfix; adjust CacheMemoryInUse/CachePermMemoryInUse [1075] bugfix; GzipDeflateCache() ambit buffer size calculation [1076] too small for small content lengths (just allow heaps!) [1077] 26-JUN-2005 MGD v9.1.0, [1078] SET throttle=/ per-user throttle [1079] SET script=symbol=[no]truncate [1080] allow for VMS V8.2 64 byte lksb$b_valblk [1081] /DO=DCL=[PURGE|DELETE]=[USER|SCRIPT|FILE]= [1082] script processes by username, script name, or file name [1083] /DO=NOTE= to provide admin mapping notes [1084] /DO=THROTTLE=[TERMINATE|RELEASE]=[USER|SCRIPT]= [1085] throttled requests by username or script name [1086] AdminMenu() [/DO=] button/field and supporting functionality [1087] caching of GZIP compressed content [1088] proxy cache GZIP compressed content [1089] revised multihoming so that the client specified IP address [1090] of a accept()ed connection is used to identify the service [1091] (this allows easier isolation of SSL certificates, etc.) [1092] metacon 'instance:' to allow testing of WASD instances [1093] metacon 'multihome:' to allow detection of mismatched [1094] multihomed IP addresses and services [1095] metacon 'note:' to allow testing of admin conditional notes [1096] metacon 'robin:' to allow round-robin distribution [1097] CGI variable SERVER_MULTIHOME present when above true [1098] provide PWDMIX mixed-case plus printable char passwords [1099] in AuthVmsVerifyPassword() and AuthVmsChangePassword() [1100] CgiVariable() allow path mapping script=symbol=truncate to [1101] truncate a CLI symbol within the limit of the current VMS [1102] version capacity, noting this in SERVER_TRUNCATE variable [1103] SesolaInitService() no longer needs to clone [1104] modify VM statistics to a max of 1024 pages and granularity [1105] of 8 (GZIP significantly increased memory requirements) [1106] DclTaskRunDown() proactively handle task after SS$_NONEXPR [1107] ProxyMaintSupervisor() return if caching not enabled [1108] IA64 TcpIpSetAgentInfo() Multinet uses UCX$IPC_SHR [1109] in the image header (TCP/IP Services' TCPIP$IPC_SHR) [1110] AuthVmsVerifyUser() WATCH which flag causes failure [1111] allow client-side GZIPing of non-GZIPed proxied responses [1112] (courtesy Jean-Pierre Petit at jpp@esme.fr) [1113] allow config files to be a logical search list [1114] (initially to support multiple language HTTPD$MSG files) [1115] relax configured file type check if path SETing [1116] script=command=<..> provides a full activation command [1117] HTTPD$VERIFY can now specify a REMOTE_ADDR IP address [1118] allow report path to exclude using negative codes [1119] SSI to response header [1120] SSI to pre-expire [1121] make EXQUOTA (particularly ASTLM) a little more obvious [1122] bugfix; remove mutex around spurious wake counter [1123] bugfix; MetaConLoad() allocate structure before non-filename [1124] return! (revealed by Alex Daniels with no HTTPD$SERVICE) [1125] bugfix; prevent expired SYSUAF password from being cached [1126] bugfix; ProxyEnd(rqptr) should be ProxyEnd(ktptr) in [1127] ProxyNetHostConnectAst() (jpp@esme.fr) [1128] bugfix; FileResponseHeader() if none-match entity and [1129] IfModifiedSince() logic [1130] bugfix; GzipDeflateCache() ambit buffer size caclulation [1131] (captr->ContentLength >> 9) now (.. >> 7) (jpp@esme.fr) [1132] bugfix; MapOdsUrlToOds2Vms() DECnet access string should [1133] be able to support the space required for password [1134] bugfix; HTTP_METHOD_.. constants needs to be a bitmap! [1135] bugfix; the Ben Burke collection :-) [1136] bugfix; SesolaNetClientShutdown() remove SSL_shutdown() [1137] (revealed by https: tunnelling shutdown) [1138] bugfix; keyword search exclusion on configured file type [1139] 04-FEB-2005 MGD v9.0.2, [1140] SET script=control=<...> [1141] [GzipFlushSeconds] controls GZIPed response flush interval [1142] NetWriteGzip() abandon using argument counts to determine [1143] AST usage or direct call, use NetWriteGzipAst() instead [1144] RequestParseAndExecute() and ProxyRequestBegin() remove [1145] explicit disable of POST & PUT connection persistence [1146] CgiOutput() if "Location:" is supplied but no HTTP [1147] status turn it into a 302 (see also ResponseHeader()) [1148] ResponseHeader() include 'rqResponse.LocationPtr' [1149] GzipShouldDeflate() disable PDF deflation by default [1150] bugfix; aarghh! NetWriteGzip()/NetWriteGzipAst() [1151] bugfix; ServiceConfigAdd(), NetHostNameLookup() status check [1152] bugfix; ProxyReadResponseAst() if required, chunking needs [1153] to be performed after header as well as body processing [1154] bugfix; NetWriteChunked() ensure an empty body is [1155] terminated with a chunk of zero [1156] bugfix; NetWrite() distinguish between "empty" data and [1157] end-of-stream (inducing occasional ZLIB buffer errors) [1158] bugfix; AuthorizeRealm() check for login cookie before [1159] revalidating new cache record credentials (jpp@esme.fr) [1160] 22-DEC-2004 MGD v9.0.1, [1161] introduce chunked responses where content-length is [1162] unknown to enhance connection persistence behaviour [1163] SET response=[no]chunked [1164] CGI Script-Control: X-transfer-encoding-chunked[=0|1] [1165] in Sesola_read() and Sesola_write() remove [1166] BIO_set_retry_..() and BIO_clear_retry_..(), [1167] bugfix; NetWriteGzip() AST no remaining data length [1168] bugfix; Sesola_read_ast() and Sesola_write_ast() [1169] zero I/O status block count on error status [1170] bugfix; MapOdsVmsToUnix() empty if empty [1171] 01-DEC-2004 MGD v9.0.0, [1172] HTTP/1.1 compliance [1173] persistent connections over SSL [1174] persistent proxy connections [1175] proxy tunnelling [1176] significant changes to proxy cache file processing [1177] GZIP transfer-encoding (reponse and request) [1178] allow ResponseHiss() kBytes [1179] allow throttling with zero requests being processed [1180] metacon 'request-method:?' tests for HTTP extension method [1181] metacon refined directive and request header field processing [1182] request redirect, CGI variable and proxy request field [1183] processing refined [1184] SET report=tunnel [1185] SET response=gzip=<...> [1186] SET script=body=[no]decode [1187] SET script=syntax=[no]unix [1188] [ConnectMax] (supercedes [Busy]) max concurrent connections [1189] [EntityTag] enables the generation of file "ETag:", [1190] [GzipAccept] accept gzip encoded request bodies [1191] [GzipResponse] level[,memory,window] gzip encoded responses [1192] [LogWriteFail503] service unavailable 503 response when [1193] access log write fails [1194] [PipelineRequests] enables pipeline processing [1195] [ProcessMax] max concurrent requests being processed [1196] [ProxyCacheNegativeSeconds] for non-success responses [1197] [ProxyConnectPersistMax] and [ProxyConnectPersistSeconds] [1198] for controlling proxy->server connection persistence [1199] [ServiceProxyTunnel] connect | firewall | raw [1200] [ServiceClientSSLcert] and others allow outgoing SSL config [1201] [TimeoutPersistent] supercedes [TimeoutKeepAlive] [1202] CGI Script-Control: X-content-encoding-gzip[=0|1] [1203] bugfix; FileVariableRecord() memset only if positive [1204] bugfix; (authorization) agents should not begin to read [1205] a POSTed request body (Jean-Pierre Petit, jpp@esme.fr)) [1206] bugfix; CgiOutputFile() missing sizeof(FILE_CONTENT) [1207] when VmReallocHeap() increasing buffer space [1208] bugfix; AuthReadSimpleList() group member password check [1209] 02-OCT-2004 MGD v8.5.3, [1210] revalidation periods and '?httpd=logout&goto=...' [1211] change from self-relative to absolute links in "Index of" [1212] anchor generation (broke usage in some SSI documents) [1213] bugfix; MetaconClientConcurrent() if IP address not the same! [1214] bugfix; auth=revalidate= is minutes not seconds [1215] bugfix; even number of bytes on a disk $QIO READVBLK [1216] bugfix; HttpTimerSet() after mapping in case of SET timeout [1217] bugfix; ServiceFindVirtual() port string comparison [1218] 31-JUL-2004 MGD v8.5.2, [1219] bugfix; StringMatchAndRegex() SMATCH__GREEDY_REGEX [1220] bugfix; (potential anyway) PutWriteFileClose()/PutEnd() [1221] bugfix; TcpIpNetMask() result in AuthRestrictList() [1222] bugfix; ProxyFtpPasvData() if PASV response address [1223] is 0.0.0.0 then use connect address [1224] 30-JUN-2004 MGD v8.5.1, [1225] bugfix; HttpdExit() INHIB_MSG test [1226] 07-JUN-2004 MGD v8.5.0, [1227] IPv6 (concurrent with IPv4) support [1228] ACME authentication (realm) [1229] [AuthSysUafUseACME] config directive [1230] config directives [DNSLookupClient] (formerly [DNSLookup]), [1231] [DNSLookupLifeTime] and [DNSLookupRetry] [1232] config directive [ProxyHostCachePurgeHours] obsolete [1233] SYSUAF user verification now checks pre-expired passwords [1234] changes to eliminate RMS from file access and proxy cache [1235] (WASD's doing all the content conversion work anyway!) [1236] by using ACP/QIOs and massaging record content explicitly [1237] (outgrowth of returns from 8.4.3 changes in this area) [1238] on-disk structure for each PASS result (ODS-2 or ODS-5) [1239] is applied to a path unless otherwise SET with ODS= [1240] bugfix; file cache pointer initialization before [1241] first call to CacheNext() [1242] bugfix; agent script should have non-strict-CGI ignored [1243] (stupid problem introduced with script output caching) [1244] 04-MAR-2004 MGD v8.4.3, [1245] read variable record format files using block IO and then [1246] explicitly process those records to produce a stream-LF [1247] block of data in their place! [1248] (provides in excess of 400% throughput boost!!! :^) [1249] set script process default directory before activation [1250] set script process parse extended/traditional if path ODS set [1251] CGI 'Script-Control: X-content-handler=SSI' field [1252] absorb CGI/NPH header during script CGI processing [1253] SET ssi=exec= [1254] script=default= [1255] SSI can now be enabled on a per-path basis using 'ssi=exec=#' [1256] SSI #exec (#dcl) directives can be allowed on per-path basis [1257] using SET ssi=exec= (e.g. 'ssi=exec=say,show') [1258] 'delete-on-close' file specification extended [1259] SSI [1260] metacon add server_process_gt:, change to client_connect_gt: [1261] and server_connect_gt: to better reflect functionality [1262] service access log report (last 65kB of an access log) [1263] add connect processing and keep-alive accounting items [1264] DECC 6.2 objected to '$DESCRIPTOR(name,ptr->string)' [1265] bugfix; rare RECTOOBIG on variable record length file where [1266] longest record exceeded 'OutputBufferSize' so initialize [1267] buffer to maximum of 'OutputBufferSize' or file lrl [1268] bugfix; RequestExecute() re-set error by redirect [1269] bugfix; ErrorGeneral() always get module name and number [1270] bugfix; DclAllocateTask() CGIplus with virtual services [1271] bugfix; ProxyFtpListProcessUnix() maximum fields handling [1272] 08-JAN-2004 MGD v8.4.1, [1273] SET response=header=[no]add[=""] [1274] 04-JAN-2004 MGD v8.4.0, [1275] compilation and run-time support for IA64 [1276] for VMS 7.3-2 and later take advantage of the larger [1277] EDCL CLI line (255->4095) and symbol (1024->8192) sizes [1278] 'config directory' located authorization databases [1279] authorization path keyword 'final' to conclude further [1280] rule mapping at that point (as if none matched) [1281] rule mapping "set map=root=" allows a set of rules [1282] to be rooted to a particular path (CGI document-root) [1283] support "Range: bytes=[,..]" request field [1284] for non-VAR-record files and cached files [1285] provide network mode operation (server and scripts) [1286] revise detached process cleanup candidate identification [1287] (now requires CMKRNL privilege to use $GRANTID service) [1288] modify DCL.C script activation code (allow qualifiers [1289] and/or parameters to be supplied from path setting) [1290] extensive rework of cache module to allow non-file content [1291] (e.g. script) output to be cached [1292] [CacheGuardPeriod] configuration directive [1293] optional HTTPD$MSG [language] 'charset=' parameter [1294] HTA database now "read [record] regardless of lock" [1295] SET cache=[no]cgi, cache=expires=, cache=[no]file, [1296] cache=[no]net, cache=maxkbytes=, cache=[no]nph, [1297] cache=[no]script, cache=[no]ssi, [1298] map=root=, [1299] map=set=[no]ignore, map=set=[no]request, [1300] proxy=reverse=location=, proxy=reverse=verify, [1301] response=header=[append|full|none], [1302] script=command= [1303] reverse-proxy 302 "Location: ..." response can have the [1304] location URL rewritten to reflect the original host [1305] reverse-proxy can be locally authorized and then have [1306] that verified by the proxied-to server (UMA) [1307] metacon "document-root:" ('DR') reflects "set map=root=" [1308] add "client_current_gt:" and "server_current_gt:" [1309] /PERSONA=IDENT= is now available for PERSONA_MACRO [1310] mapping now URL-encodes a redirect wildcard path portions [1311] rework some report item format and content [1312] check Digest authentication against Mozilla 1.4 [1313] only check SYSUAF secondary password expiry date/time [1314] if the secondary password hash is not empty [1315] bugfix; error report by redirect, set after virtual host [1316] bugfix; GraphActivityPlotBegin() and GraphActivityDataScan() [1317] signed/unsigned issue masking out request value [1318] bugfix; chained proxy CONNECT processing [1319] bugfix; keep track of outstanding body reads [1320] bugfix; according to the doco "Index of"s from SSI should [1321] not be delimited top or bottom (up to SSI to caption it!) [1322] bugfix; DclScriptProcessPurge() [1323] 12-OCT-2003 MGD v8.3.2, [1324] bugfix; DECnet allow for outstanding network writes [1325] bugfix; "internal" script detection [1326] bugfix; MetaConLoad() [IncludeFile] [1327] bugfix; ProxyRequestRebuild() rebuild buffer space [1328] bugfix; suppress output after "Script-Control: x-error..." [1329] bugfix; keyword search exclude file type [1330] bugfix; notepad needs to be explicitly NULLed [1331] bugfix; MAP-FILE: stripping leading character [1332] bugfix; DECnet allow for outstanding body reads [1333] 15-AUG-2003 MGD v8.3.1, [1334] allow the database directory location to be specified using [1335] authorization rule 'param="/directory=device:[directory]"' [1336] allow for and keep track of $HIBER spurious wakes [1337] massage SYSUAF-authenticated remote username to comply [1338] with VMS requirements [1339] suppress digest auth challenge except for HTA and external [1340] where CDATA constraints make using entity impossible [1341] use a field name of hidden$lf and ^ substituted [1342] with the BODY.C module doing some sleight-of-hand with it [1343] (modern browsers like Mozilla were having issues) [1344] BODY_DISCARD_CHUNK_COUNT made *very* large [1345] bugfix; ServiceConfigReviseNow() form element names must be [1346] unique (technically correct, enforced by modern browsers) [1347] bugfix; AuthCacheAddRecord() [1348] bugfix; check for NULL pointer 'cnptr->ReuseConnection' [1349] bugfix; DECnetCgiDialog() not strict wait for EOF sentinal [1350] bugfix; do not allow SET mapping during a callout [1351] bugfix; use _BBCCI() to clear the mutex in InstanceExit()!! [1352] bugfix; SesolaCacheAddRecord() oldest tick second [1353] 28-JUN-2003 MGD v8.3.0, [1354] regular expression support [1355] [AuthFailurePeriod], [AuthFailureTimeout], [1356] [ProxyUnknownRequestFields], [RegEx] directives [1357] SET cache=[no]perm, cache=max= [1358] SET notepad= and if (notepad:) [1359] metacon "notepad:", "regex:", "request:" ('RQ'), "restart:" [1360] [Match] Server Admin item, report, and WATCH item [1361] file cache support for permanent and volatile entries [1362] improve efficiency RequestRedirect() & ProxyRequestRebuild() [1363] store and provide unrecognised request header fields [1364] rework break-in detection and processing [1365] (configuration defaults to LGI sysgen parameters and now [1366] operates in the same way as described for general VMS) [1367] /SYSUAF=(VMS,ID) allows concurrent VMS and ID authorization [1368] add proxy cache device error count statistics [1369] home pages may now be [Welcome]+[DclScriptRunTime] specified [1370] (i.e. provided via scripting environments such as PHP) [1371] request heap statistics and VmRequestTune() [1372] bugfix; add HTTP protocol to combined/common format URL [1373] bugfix; request body to be read needs to be the smaller of [1374] remaining body or buffer size (jpp@esme.fr) [1375] bugfix; InstanceMutex..() use _BBCCI() to clear the mutex [1376] bugfix; FILE.C FileSetCharset() following CacheSearch() [1377] moved to CACHE.C module (ACCVIO if entry NULLed) [1378] bugfix; ProxyMaintDeviceStats() volume count (set) handling [1379] bugfix; ServiceConfigFromString() (jpp@esme.fr) [1380] bugfix; DirFormatLayout() static flags (jpp@esme.fr) [1381] bugfix; request SET Html.. memory allocation (jpp@esme.fr) [1382] bugfix; MetaConParse() decrement index (back) when [1383] not currently executing an if()inline directive [1384] bugfix; (and refine) DECnetSupervisor() [1385] bugfix; DclSysOutputAst() do not rundown script process [1386] if the error generated came from "Script-Control:" [1387] bugfix; CGI(plus) allow for '!' from (!$blah) mapping rule [1388] 09-APR-2003 MGD v8.2.0, [1389] some minor logging format changes for server entries [1390] wildcard and comma-separated list of languages [1391] can be specified (e.g. "[Language] es-ES,es,es-*") [1392] [ProxyForwarded] supercedes [ProxyAddForwardedBy] with [1393] proxy=forwarded[=...] mapping rule [1394] [ProxyXForwardedFor] configuration directive with [1395] proxy=xforwardedfor[=...] mapping rule to support [1396] proxy generation of "X-Forwarded-For:" header field [1397] authentication agent '100 REASON any text' [1398] script=as=$? to indicate optional use of SYSUAF username [1399] SET dir=style[=default|original|anchor|htdir], [1400] SET html=[bodytag|header|headertag|footer|footertag]=[..] [1401] and incorporation in "Index of", selected other facilities [1402] SET cgiplusin=[none|cr|lf|crlf], SET cgiplusin=eof, [1403] SET script=query=none, SET script=path=find, [1404] SET [no]search=none [1405] disable 'NetMultiHomedHost' (should not be required [1406] for modern virtual service processing) [1407] script=params=+(name=value) concatenates to any existing [1408] HTAdminPasswordChange() check for VMS group write [1409] processes created using HttpdDetachServerProcess() now have [1410] a YYYYMMDDHHMMSS timestamp as part of the process log name [1411] with RTEs look first for one that was executing the same [1412] script, then if not found fall back to (any) LRU RTE [1413] SYSUAF security profile via rule and /PROFILE=BYRULE [1414] script as SYSUAF username can be requested with auth rule [1415] allow [[service]] to include the [[scheme://service]] [1416] relax ServiceParse() so that [[the.host.name]] is accepted [1417] enable SYSPRV in HTAdminDatabaseSearch() [1418] relax initial CGI response line checking [1419] build 'records' from script single byte output streams [1420] general (non-RTE) run-time allowed with (!..) syntax [1421] both run-time specifications allowed with SCRIPT rule [1422] added GATEWAY_EOF/EOT/ESC CGI variables [1423] sentinals changed to have only RMS-compliant characters [1424] supply more detail from "%DCL-E-OPENIN, blah" responses [1425] SesolaParseCertDn() record /email and /emailAddress [1426] bugfix; Alpha VMS V7.1 or earlier sys$persona_assume() [1427] needs to be used in the same way as for VAX [1428] bugfix; RequestRedirect() append remain CGI response header [1429] bugfix; body provision for script processing restart [1430] bugfix; proxy FTP ResponseHeader() content-length of zero [1431] bugfix; StringParseQuery() loop on string overflow [1432] bugfix; HTAdminPasswordChange() cache reset realm [1433] bugfix; error recovery in Sesola_read() and Sesola_write() [1434] bugfix; DECnetFindCgiScript() foreign verb creation [1435] 10-JAN-2003 MGD v8.1.1, [1436] SET script=query=relaxed [1437] AuthVmsLoadIdentifiers() more flexible [1438] bugfix; ControlEnqueueCommand() occasional race condition [1439] 07-DEC-2002 MGD v8.1.0, [1440] SET auth=all (path must be subject to authorization or fail) [1441] CGI 'Control-Script:' X-error-... fields [1442] add 'mp' mapping and 'mapped-path:' metacon conditionals [1443] add 'rc' mapping and 'redirected:' metacon conditionals [1444] add 'st' mapping and 'script-name:' metacon conditionals [1445] add "path-translated:" metacon conditional [1446] skeleton-key authentication [1447] refine mapping rule processing to ensure that paths with [1448] forbidden syntax generate RMS bad syntax [1449] check for device and directory (minimum) before parse [1450] refine metacon reporting (reporting detected errors to OPCOM) [1451] the server now detects the presence of HTTP$NOBODY [1452] account and scripts using that [1453] if the server is using HTTP$NOBODY or /script=as= [1454] DECnet scripting now uses the same account [1455] refine VMS security profile usage (no, just coincidence!) [1456] to allow VMS profile authorized requests to override [1457] directory listing controls (amongst other things) [1458] server process log is now accessable via the Admin Menu [1459] additional mapping functionality (SET query-string=) [1460] no sneaky getting directory contents by downloading files! [1461] CGI.C in non-strict CGI mode report anything like [1462] "%DCL-E-OPENIN, blah" as a failed script activation [1463] PUT.C allow for white-space in multipart file names [1464] bugfix; in OdsNameOfDirectoryFile() use SYSPRV [1465] around sys$parse() to ensure access to directory [1466] bugfix; set path dir=access not ignored [1467] 25-SEP-2002 MGD v8.0.1 [1468] additional persona counters [1469] /script=as= allows a NOBODY scripting environment [1470] without enabling PERSONA in general [1471] require account SYSPRV for certain command-line activities [1472] implement /persona=[authorized|relaxed|relaxed=authorized] [1473] to prevent inadvertant scripting using privileged accounts [1474] HttpdDetachServerProcess() [STARTUP]STARTUP_SERVER.COM [1475] MapOdsElementsToVms() excise parent directory syntax [1476] only use MapUrl_VmsUserName() path ODS if not already set [1477] SET report=4nn=nnn for mapping HTTP status [1478] SET map=ellipsis now required to map VMS '...' wildcard [1479] SET dir=charset= directory listing charset mapping rule [1480] support 'script=as=' functionality, plus DECnet variants [1481] NODE"$":: substitutes SYSUAF authenticated username into [1482] access string (for proxy access to account) and [1483] NODE"~":: substitutes '/~username/' username in same way [1484] set path en/decoding for RSI (MultiNet NFS), PATHWORKS (v4), [1485] Advanced Server (PATHWORKS v6) / Samba file naming schemas [1486] (as well as for ODS-2 and ODS-5) [1487] AuthVmsCheckUserAccess() traps SS$_NOCALLPRIV returning [1488] SS$_NOPRIV to allow directory listings of DFS volumes [1489] introduce fab$b_rfm and fab$b_rat as fields to allow [1490] PUT.C to specifically set these attributes as required [1491] refine SesolaReport() for obtaining service ciphers [1492] (OpenSSLv0.9.6f/0.9.7-beta break it) [1493] local redirection should have the path re-URL-encoded [1494] FAO change function of "!&U" to "!&P", new "!&U" [1495] enhance authentication and SSL global section creation [1496] allow for 'pass /* 400' (i.e. no trailing message) [1497] RFC1413 authorization with DNS lookup use host name to [1498] construct remote user string [1499] rework path alert notification for greater functionality [1500] bugfix; make ServiceConfigLoad() file not found non fatal [1501] bugfix; ConfigIconFor() terminate on content-type [1502] bugfix; if restart MIME boundary matching algorithm [1503] using that char (allow for --..boundary) [1504] bugfix; 'Xray' broken in v8, repaired and reworked [1505] bugfix; always revalidate X509 and RFC1413 [1506] (for path authorization after script) [1507] bugfix; 'script' and 'exec' MetaConParseReset() state [1508] bugfix; set AuthCacheRecordSize from HTTPD$CONFIG value [1509] bugfix; when discarding via BodyReadBegin() use BodyRead() [1510] to queue a network read only if data is outstanding [1511] bugfix; template/result wildcard checking for scripting rules [1512] bugfix; do not count callout records for CGI header purposes [1513] 03-JUL-2002 MGD v8.0.0 [1514] "instance" capability (loosely coupled, multiple [1515] socket/service-sharing servers on the one system) [1516] meta-config (integrated config, mapping, service, auth), [1517] provide "module WATCHing" for on-line, ad hoc debug [1518] SET script=params=(name=value), proxy=bind=
and [1519] proxy=chain= mapping rules [1520] asynchronous block processing of POST and PUT request body [1521] some accomodations for Mozilla-HTTP/1.1 "Cache-Control:" [1522] improve performance with EFN$C_ENF and use explicitly [1523] allocated event flags for avoiding potential interactions [1524] client host name lookup now asynchronous [1525] FTP proxying processing [1526] /DEMO demonstration mode [1527] 29-JUN-2002 MGD v7.2.3 [1528] some accomodations for Mozilla-HTTP/1.1 "Cache-Control:" [1529] bugfix; [ProxyCacheNoReloadSeconds] parsing [1530] bugfix; (well sort of) it would appear that after NO_CONCEAL [1531] searching and a sys$open() must sys$close() *before* the [1532] SYNCHCK sys$parse() release resources otherwise a channel [1533] bugfix; ensure when OdsParse() is used successively with [1534] the same ODS structure that previous resources are first [1535] released (can present a problem unique to search lists) [1536] to the device is left assigned!! [1537] bugfix; ensure sys$search() RMS channel is released [1538] bugfix; ProxyResolveHostCache() NULL 'rqptr' [1539] bugfix; account/password expiry [1540] bugfix; DclFindFileEnd() reset result file name [1541] bugfix; SsiAccessesClose() now synchronous using SYSPRV [1542] 13-APR-2002 MGD v7.2.2 [1543] Authorize() allow /NO401 parameter to suppress server [1544] challenge to allow external agent to response (e.g. PHP) [1545] ProxyHostConnectAst() invalidate host cache entry [1546] NetCreateService() checks previously bound address [1547] MapOdsUrlToVms() eliminate chance of device:[.directory] [1548] make a proxy reactive purge initially more agressive [1549] keep-alive decision logic to RequestFields() [1550] bugfix; ensure only one request revalidates a cache entry at [1551] a time (multiple could cause eventual channel exhaustion) [1552] bugfix; switch return not break with next reactive scan [1553] bugfix; AuthConfigProxyMap() wildcard string results [1554] bugfix; ODS-5 parent directories with multiple periods [1555] bugfix; command-line proxy cache maintenance reporting [1556] bugfix; FileNextRecordAst() VAR file into contents buffer [1557] bugfix; MAPURL.C throttle report [1558] bugfix; AuthCacheAddRecord() and host group without "host=" [1559] bugfix; reset SSL state to SSL_ST_OK if renegotiation fails [1560] bugfix; DclTaskRunDown() reset script task type [1561] bugfix; MsgFor() Accept-Lang: comparison [1562] bugfix; NetAcceptAst() deassign channel when connect dropped [1563] bugfix; wildcard substitution in MapUrl__Map() [1564] bugfix; StringMatch() wildcard matching [1565] bugfix; close log file for ALL services in LOGGING.C [1566] bugfix; !&M formatting directive in PROXYCACHE.C [1567] bugfix; /RELAXED should allow all but DISUSERed accounts [1568] to authenticate regardless of RESTRICTED or CAPTIVE flags [1569] 03-NOV-2001 MGD v7.2.1 [1570] PERSONA.C using PERSONA.MAR can now provide persona scripting [1571] for pre-VMS 6.2 VAX systems (CAUTION!! - UNSUPPORTED) [1572] "TASK=CGI..", "0=CGI.." recognised as DECnet CGI dialog [1573] FAB$M_TEF to deallocate unused log file space [1574] StringMatch() replaces SearchTextString() for more [1575] light-weight text matching (affects six modules) [1576] [SsiSizeMax] and [ProxyCacheNoReloadSeconds] [1577] FILE.C block I/O complete if _rsz is less than _usz [1578] 'ProxyCacheNoReloadSeconds' limits immediate (pragma) reload [1579] ensure mapping conditional not mistaken for missing template [1580] kludge work around spawning authorized privs with $CREPRC [1581] bugfix; ensure only one request revalidates a cache entry at [1582] a time (multiple could cause eventual channel exhaustion) [1583] bugfix; close current log file if period changes [1584] bugfix; DECnet user script mapping [1585] bugfix; FileNextBlocksAst() 'ContentRemaining' [1586] bugfix; wildcard substitution in MapUrl__Map() [1587] bugfix; sys$close() in OdsLoadTextFile() [1588] bugfix; always generate callout sequences [1589] bugfix; a bugfix in VMS V7.2 has broken the previously [1590] working usage of IO$_MODIFY in ProxyCacheSetLastAccessed() [1591] bugfix; activity graphic [1592] bugfix; check ParseQueryField() in WatchBegin() for NULL [1593] bugfix; allow agent to provide 'CGIPLUS:' directive [1594] bugfix; 'layout=U' upper-casing [1595] 01-JUL-2001 MGD v7.2.0 [1596] X.509 authentication and authorization [1597] RFC1413 (identfication protocol) authorization [1598] remote user to vms user (SYSUAF authorization) proxy mapping [1599] proxy cache maintainence may now be done from the CLI [1600] HTL list maintenance can now be done from the Admin Menu [1601] a fatal authorization problem now disables authorization [1602] "hh:mm:ss" allows for a more versatile period [1603] concurrent processing controls (request "throttling") [1604] improved script process run-down conditions and handling [1605] HttpdTick() drives XxxSupervisor()s [1606] control (/DO= and Admin menu) now via a global section [1607] monitor (HTTPDMON) data now supplied via a global section [1608] suppress CGI content-type "x-internal..." [1609] [IncludeFile] for all configuration files [1610] request supervisor refinements [1611] .URL file processing [1612] 01-JUL-2001 MGD v7.1.2 [1613] add selective status codes to error report path [1614] refine 'view' and 'list' redirection in UPD.C [1615] refine logging RMS characteristics (500% improvement) [1616] provide for ODS-5 "hidden" files ('^.') [1617] check network status during SSL accept [1618] EXEC of file type [1619] remove http: check from SesolaAccept() [1620] bugfix; parsing of [ServiceProxyChain] [1621] bugfix; 'RU' conditional [1622] bugfix; SCRIPT_FILENAME with CGIplus [1623] bugfix; NetThisVirtualService() and call conditions [1624] bugfix; SesolaFree() BioPtr [1625] bugfix; AuthVmsCheckUserAccess() return SS$_NOPRIV [1626] bugfix; ParseNetMask() and VSLM mask processing [1627] bugfix; sys$create_user_profile() length size from word [1628] (System Services Manual) to unsigned int (startlet.h)! [1629] bugfix; authorization network masks [1630] bugfix; directory specfication length (sys$check_access()) [1631] bugfix; HTAdminPasswordChange() call to FaoToOpcom() [1632] bugfix; AuthGenerateHashPassword() force upper-case [1633] bugfix; final status at write group/no read group check [1634] 18-JAN-2001 MGD v7.1.1 [1635] HTTPD$SCRATCH automatic script scratch file cleanup [1636] authentication agent can now '100 SET-COOKIE rfc2109-cookie' [1637] bugfix; memory leak in AUTH.C [1638] bugfix; FILE.C make a search list DNF appear as a FNF [1639] bugfix; /PROFILE empty directory passing incorrect parameter [1640] bugfix; general error reporter variable arguments [1641] bugfix; final authorization failure should specify 403 [1642] bugfix; ensure mapping rules exist for authentication agents [1643] bugfix; control cache purge arguments [1644] 17-OCT-2000 MGD v7.1.0 [1645] sys$creprc() scripting [1646] sys$persona...() scripting [1647] Run Time Environments (RTEs) [1648] server-group/cluster-wide directives (via DLM) [1649] further refined CGI.C module output handling [1650] apply authorization to SSI.C #include'd and #dir'e [1651] client socket (BGnnnn:) potentially sharable for scripts [1652] proxy cache device directory organization flat256/64x64 [1653] modify SSL initialization to better indicate "fallback" [1654] integration of WATCH peek/one-shot [1655] 03-SEP-2000 MGD v7.0.2 [1656] limit script output of ENDOFFILE [1657] if CGI response "Content-Encoding:" force stream mode [1658] bugfix; ProxyResolveHostLookup() can be called multiple [1659] during host name resolution - only allocate channel once!! [1660] bugfix; include Accept-Encoding when redirecting [1661] bugfix; ParseQueryField() string length check [1662] 09-JUL-2000 MGD v7.0.1 [1663] locking around proxy cache scans [1664] add "success=" 303 processing to PUT.C file upload [1665] improve CgiOutput() header processing (again!) [1666] correct concealed/searchlist parsing [1667] allow "302 location" redirection from authentication agent [1668] bugfix; proxy CONNECT service [1669] bugfix; HEAD requests specifying content-length [1670] bugfix; WatchCliSettings() storage [1671] 01-JUN-2000 MGD v7.0.0 [1672] support extended file specifications [1673] (ODS-5 under Alpha VMS V7.2ff) [1674] event reporting via OPCOM [1675] some "Apache" support for easing CGI script ports [1676] access log file naming refinements [1677] 18-MAR-2000 MGD v6.1.3 [1678] bugfix; authconfig processing [1679] 06-JAN-2000 MGD v6.1.2 [1680] authorization failure limit evasion period [1681] numerous warnings from DECC v6.2 addressed [1682] bugfix; user restriction list pass (broken in 6.1) [1683] 17-DEC-1999 MGD v6.1.1 [1684] bugfix; quote double-up in CgiVariable() (INSVIRMEM exit) [1685] 04-DEC-1999 MGD v6.1.0 [1686] "agent" authentication/authorization [1687] CGI(plus) processing provides callouts [1688] SSI module now supports OSU-specific directives [1689] /SYSPRV now allows operation with SYSPRV turned on [1690] "one-shot" WATCH and "peek" reports [1691] output no-progress timer [1692] remove NETLIB support [1693] 16-OCT-1999 MGD v6.0.3 [1694] bugfix; sys$create_user_profile [1695] bugfix; mapping storage overflow [1696] USER mapping rule for SYSUAF access [1697] 12-SEP-1999 MGD v6.0.2 [1698] minor changes to authorization processing [1699] bugfix; service parsing and SSL [1700] virtual services now match using "Host:" field [1701] 19-JUN-1999 MGD v6.0.1 [1702] refinements to request termination/rundown [1703] bugfix; DECnet (CGI and OSU) task handling [1704] bugfix; proxy request HTTP/0.9 response processing [1705] 30-MAY-1999 MGD v6.0.0 [1706] proxy, with HTTP caching [1707] OpenSSL 0.9.3 support (also SSLeay support) [1708] extended authorization/authentication environment [1709] 31-MAR-1999 MGD v5.3.4 [1710] bugfix; SesolaReport(), HttpHeaderChallenge() [1711] 28-MAR-1999 MGD v5.3.3 [1712] SSI variables global (when "#include"ing other SSI) [1713] SSI read buffer determined by 'FileXabFhc.xab$w_lrl' [1714] 05-FEB-1999 MGD v5.3.2 [1715] bugfix; FileNextRecord() zero '_usz' [1716] 10-JAN-1999 MGD v5.3.1 [1717] greater granularity when WATCHing authorization [1718] bugfix; OSU scripting pass *mapped* file spec [1719] 14-NOV-1998 MGD v5.3.0 [1720] [[host:port]] virtual service syntax [1721] [AddType] can now "text/html; charset=ISO-8859-1" [1722] [CharsetDefault] sets text and server character set [1723] improved AST granularity several significant modules [1724] WATCH report and CLI [1725] RMS-invalid substitution character in mapping rules [1726] bugfix; NameOfDirectoryFile() [1727] 29-AUG-1998 MGD v5.2.0 [1728] reuse DECnet task connections [1729] allow specified hosts exclusion from logging [1730] stream-LF conversion only on specified paths [1731] bugfix; SYS$TIMEZONE_DIFFERENTIAL processing [1732] bugfix; DECnet tasks not aborted at timeout [1733] 07-JUL-1998 MGD v5.1.0 [1734] add eXtended Server Side Includes processing [1735] design-problem; modify CGIplus script rundown [1736] SYSUAF authentication by identifier [1737] per-service logging [1738] rqptr->rqTmr.Terminated (occasional lib$get_vm() [1739] %LIB-F-BADLOADR around connection expiry termination) [1740] 20-DEC-1997 MGD v5.0.0 [1741] optional Secure Sockets Layer (using SSLeay) [1742] DECnet-based scripting including OSU emulation [1743] miscellaneous revisions and "improvements" [1744] 07-JAN-1997 MGD v4.5.2 [1745] bugfix; record-mode file transfer [1746] bugfix; activity graph [1747] 06-DEC-1997 MGD v4.5.1 [1748] resolving a suspected inconsistent AST delivery situation [1749] by requiring all $QIO()s with AST routines to ensure any [1750] queueing errors etc. are reported via the AST routine by [1751] an explicit $DCLAST() ... this removes ambiguity about how [1752] $QIO() returns should be handled ... drastic but desperate [1753] times, etc. (a more consistent and desirable model anyway :^) [1754] 02-NOV-1997 MGD v4.5.0 [1755] file cache [1756] logging periods [1757] HttpdSupervisor() [1758] configurable script run-time environments [1759] additional request header fields [1760] 18-OCT-1997 MGD v4.4.1 [1761] bugfix; duration [1762] bugfix; logging period [1763] 01-OCT-1997 MGD v4.4.0 [1764] message module [1765] conditional rule mapping [1766] SYSUAF-authenticated user access control [1767] multi-homed/multi-port services [1768] (some NETLIB packages now cannot DNS lookup) [1769] echo and Xray internal scripts [1770] extensions to logging functionality [1771] additional command-line server control [1772] bugfix; redirection loop detection [1773] 01-AUG-1997 MGD v4.3.0 [1774] MadGoat NETLIB broadens TCP/IP package support [1775] server activity report [1776] 16-JUL-1997 MGD v4.2.2 [1777] bugfix; WORLD realm and access list [1778] 07-JUL-1997 MGD v4.2.1 [1779] minimum heap allocation chunk size [1780] prevent keep-alive timeout redefining request logical [1781] 01-JUL-1997 MGD v4.2.0 [1782] change name to WASD (Wide Area Surveillance Division) [1783] persistent DCL subprocesses and CGIplus [1784] (see re-written DCL.C module) [1785] scripting and client reports [1786] potential multi-thread problems in reports fixed [1787] 27-MAR-1997 MGD v4.1.0 [1788] rationalized HTTP response header generation [1789] delete on close for "temporary" files to support [1790] UPD module "preview" functionality ... WARNING, any [1791] file with a name comprising a leading hyphen [1792] sixteen digits and a trailing hyphen will be deleted! [1793] 01-FEB-1997 MGD v4.0.0 [1794] HTTPd version 4 [1795] 01-OCT-1996 MGD v3.4.0 [1796] extended server reporting [1797] 01-AUG-1996 MGD v3.3.0 [1798] realm/path-based authorization [1799] BASIC and DIGEST authentication [1800] PUT(/POST/DELETE) module [1801] StmLf module (variable to stream-LF file conversion) [1802] 12-APR-1996 MGD v3.2.0 [1803] file record/binary now determined by record format [1804] persistent connections ("Keep-Alive" within HTTP/1.0) [1805] moved RMS parse structures into thread data [1806] improved local redirection detection [1807] observed Multinet disconnection/zero-byte behaviour [1808] (request now aborts if network read returns zero bytes) [1809] 15-FEB-1996 MGD v3.1.1 [1810] fixed rediculous :^( bug in 302 HTTP header [1811] minor changes to request accounting and server report [1812] minor changes for user directory support [1813] minor changes to error reporting [1814] 03-JAN-1996 MGD v3.1.0 [1815] support for both DEC TCP/IP Services and TGV MultiNet [1816] 01-DEC-1995 MGD v3.0.0 [1817] single heap for each thread's dynamic memory management [1818] extensive rework of DCL subprocess functionality [1819] HTML pre-processsing module (aka Server Side Includes) [1820] NCSA/CERN compliant image-mapping module [1821] NetWriteBuffered() for improving network IO [1822] miscellaneous reworks/rewrites [1823] 27-SEP-1995 MGD v2.3.0 [1824] carriage-control on non-header records from [1825] to single ('\n' ... newline), some browsers expect [1826] only this (e.g. Netscape 1.n was spitting on X-bitmaps) [1827] added Greenwich Mean Time time-stamp functionality [1828] added 'Referer:', 'If-Modified-Since:', 'User-Agent:' [1829] 07-AUG-1995 MGD v2.2.2 [1830] optionally include commented VMS file specifications [1831] in HTML documents and VMS-style directory listings [1832] 16-JUN-1995 MGD v2.2.1 [1833] added file type description to "Index of" (directory) [1834] 24-MAY-1995 MGD v2.2.0 [1835] minor changes to allow compilation on AXP platform [1836] 03-APR-1995 MGD v2.1.0 [1837] add SYSUAF authentication, POST method handling [1838] 20-DEC-1994 MGD v2.0.0 [1839] multi-threaded version [1840] 20-JUN-1994 MGD v1.0.0 [1841] single-threaded version [1842] */ [1843] /*****************************************************************************/ [1844] [1845] #ifndef VERSION_H_LOADED [1846] #define VERSION_H_LOADED 1 [1847] [1848] /* five characters or less */ [1849] #define HTTPD_NAME "WASD" [1850] #define HTTPD_SOFTWAREID_NAME "HTTPd-WASD" [1851] [1852] /* keep HTTPD_GBLSEC_VERSION in step with this version (as necessary) */ [1853] #define HTTPD_VERSION "12.0.0" [1854] [1855] /* used to name and to detect changes in global section data structures */ [1856] #define ACTIVITY_GBLSEC_VERSION_NUMBER 0x120000 /* i.e. 12.00.00 */ [1857] #define AUTH_GBLSEC_VERSION_NUMBER 0x120000 [1858] #define AUTH_TOKEN_GBLSEC_VERSION_NUMBER 0x120000 [1859] #define HTTPD_GBLSEC_VERSION_NUMBER 0x120000 [1860] #define SESOLA_GBLSEC_VERSION_NUMBER 0x120000 [1861] #define PROXYVERIFY_GBLSEC_VERSION_NUMBER 0x120000 [1862] [1863] /* used as part of the the "instance" lock names, allowed range 1..15 */ [1864] #define HTTPD_LOCK_VERSION 1 [1865] [1866] VersionInfo(); [1867] [1868] #endif /* VERSION_H_LOADED */ [1869] [1870] /*****************************************************************************/