2 ===================================================================
3 --- configure.in (.../tags/lighttpd-1.4.13) (revision 1718)
4 +++ configure.in (.../branches/lighttpd-1.4.x) (revision 1718)
7 AC_MSG_RESULT($WITH_LUA)
8 if test "$WITH_LUA" != "no"; then
9 - if test "$WITH_LUA" == "yes"; then
10 + if test "$WITH_LUA" = "yes"; then
13 PKG_CHECK_MODULES(LUA, $WITH_LUA >= 5.1, [
18 -do_build="mod_cgi mod_fastcgi mod_proxy mod_evhost mod_simple_vhost mod_access mod_alias mod_setenv mod_usertrack mod_auth mod_status mod_accesslog mod_rrdtool mod_secdownload mod_expire mod_compress mod_dirlisting mod_indexfiles mod_userdir mod_webdav mod_staticfile mod_scgi mod_flv_streaming"
19 +do_build="mod_cgi mod_fastcgi mod_extforward mod_proxy mod_evhost mod_simple_vhost mod_access mod_alias mod_setenv mod_usertrack mod_auth mod_status mod_accesslog mod_rrdtool mod_secdownload mod_expire mod_compress mod_dirlisting mod_indexfiles mod_userdir mod_webdav mod_staticfile mod_scgi mod_flv_streaming"
21 plugins="mod_rewrite mod_redirect mod_ssi mod_trigger_b4_dl"
22 features="regex-conditionals"
24 ===================================================================
25 --- src/mod_cgi.c (.../tags/lighttpd-1.4.13) (revision 1718)
26 +++ src/mod_cgi.c (.../branches/lighttpd-1.4.x) (revision 1718)
28 CONST_BUF_LEN(con->authed_user));
32 + if (srv_sock->is_ssl) {
33 + cgi_env_add(&env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
37 /* request.content_length < SSIZE_MAX, see request.c */
38 ltostr(buf, con->request.content_length);
39 cgi_env_add(&env, CONST_STR_LEN("CONTENT_LENGTH"), buf, strlen(buf));
41 ===================================================================
42 --- src/base.h (.../tags/lighttpd-1.4.13) (revision 1718)
43 +++ src/base.h (.../branches/lighttpd-1.4.x) (revision 1718)
45 enum { STAT_CACHE_ENGINE_UNSET,
46 STAT_CACHE_ENGINE_NONE,
47 STAT_CACHE_ENGINE_SIMPLE,
52 unsigned short enable_cores;
54 Index: src/connections.c
55 ===================================================================
56 --- src/connections.c (.../tags/lighttpd-1.4.13) (revision 1718)
57 +++ src/connections.c (.../branches/lighttpd-1.4.x) (revision 1718)
65 case 206: /* write_queue is already prepared */
66 - con->file_finished = 1;
69 case 205: /* class: header only */
80 Index: src/configfile.c
81 ===================================================================
82 --- src/configfile.c (.../tags/lighttpd-1.4.13) (revision 1718)
83 +++ src/configfile.c (.../branches/lighttpd-1.4.x) (revision 1718)
85 srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_SIMPLE;
86 } else if (buffer_is_equal_string(stat_cache_string, CONST_STR_LEN("simple"))) {
87 srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_SIMPLE;
89 } else if (buffer_is_equal_string(stat_cache_string, CONST_STR_LEN("fam"))) {
90 srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_FAM;
92 } else if (buffer_is_equal_string(stat_cache_string, CONST_STR_LEN("disable"))) {
93 srv->srvconf.stat_cache_engine = STAT_CACHE_ENGINE_NONE;
95 log_error_write(srv, __FILE__, __LINE__, "sb",
96 - "server.stat-cache-engine can be one of \"disable\", \"simple\", \"fam\", but not:", stat_cache_string);
97 + "server.stat-cache-engine can be one of \"disable\", \"simple\","
101 + " but not:", stat_cache_string);
105 Index: src/mod_scgi.c
106 ===================================================================
107 --- src/mod_scgi.c (.../tags/lighttpd-1.4.13) (revision 1718)
108 +++ src/mod_scgi.c (.../branches/lighttpd-1.4.x) (revision 1718)
109 @@ -2528,7 +2528,7 @@
110 hctx->reconnects < 5) {
111 scgi_reconnect(srv, hctx);
113 - log_error_write(srv, __FILE__, __LINE__, "sdsdsd",
114 + log_error_write(srv, __FILE__, __LINE__, "ssdsd",
115 "response not sent, request not sent, reconnection.",
116 "connection-fd:", con->fd,
117 "fcgi-fd:", hctx->fd);
119 ===================================================================
120 --- src/request.c (.../tags/lighttpd-1.4.13) (revision 1718)
121 +++ src/request.c (.../branches/lighttpd-1.4.x) (revision 1718)
124 if (host_len == 0) return -1;
126 + /* if the hostname ends in a "." strip it */
127 + if (host->ptr[host_len-1] == '.') host_len -= 1;
129 /* scan from the right and skip the \0 */
130 for (i = host_len - 1; i + 1 > 0; i--) {
131 const char c = host->ptr[i];
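Review bot: After `if (host->ptr[host_len-1] == '.') host_len -= 1;` the length can reach 0 (a Host value of just "."), but the only emptiness check visible is the `if (host_len == 0) return -1;` that runs before the strip. Repeating that check right after the new line keeps an empty name from reaching the scan loop, which would then have nothing to validate. Only the local `host_len` is shortened, so the dot stays in `host` itself; if later host matching is meant to see the name without it, the buffer has to be trimmed too. The rest of the function is outside the hunk, so its handling of that case cannot be confirmed from here.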
132 Index: src/network_backends.h
133 ===================================================================
134 --- src/network_backends.h (.../tags/lighttpd-1.4.13) (revision 1718)
135 +++ src/network_backends.h (.../branches/lighttpd-1.4.x) (revision 1718)
137 # include <sys/uio.h>
140 -#if defined HAVE_SYS_UIO_H && defined HAVE_SENDFILE && defined HAVE_WRITEV && defined(__FreeBSD__)
141 +#if defined HAVE_SYS_UIO_H && defined HAVE_SENDFILE && defined HAVE_WRITEV && (defined(__FreeBSD__) || defined(__DragonFly__))
142 # define USE_FREEBSD_SENDFILE
143 # include <sys/uio.h>
145 Index: src/mod_proxy.c
146 ===================================================================
147 --- src/mod_proxy.c (.../tags/lighttpd-1.4.13) (revision 1718)
148 +++ src/mod_proxy.c (.../branches/lighttpd-1.4.x) (revision 1718)
152 if (-1 == (r = read(hctx->fd, hctx->response->ptr + hctx->response->used - 1, b))) {
153 + if (errno == EAGAIN) return 0;
154 log_error_write(srv, __FILE__, __LINE__, "sds",
155 "unexpected end-of-file (perhaps the proxy process died):",
156 proxy_fd, strerror(errno));
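Review bot: The added `if (errno == EAGAIN) return 0;` retries only on EAGAIN, so a `read()` interrupted by a signal (EINTR) still falls into the "unexpected end-of-file" error path and is reported as a dead backend. Consider `if (errno == EAGAIN || errno == EINTR) return 0;` here and at the matching `read()` check added in src/mod_fastcgi.c. The enclosing function starts and ends outside the hunk, so this assumes that returning 0 means "try again on the next event".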
157 Index: src/mod_extforward.c
158 ===================================================================
159 --- src/mod_extforward.c (.../tags/lighttpd-1.4.13) (revision 0)
160 +++ src/mod_extforward.c (.../branches/lighttpd-1.4.x) (revision 1718)
166 +#include <netinet/in.h>
174 +#include "inet_ntop_cache.h"
175 +#ifdef HAVE_CONFIG_H
180 + * mod_extforward.c for lighttpd, by comman.kang <at> gmail <dot> com
181 + * extended, modified by Lionel Elie Mamane (LEM), lionel <at> mamane <dot> lu
185 + * Trust proxy 10.0.0.232 and 10.0.0.232
186 + * extforward.forwarder = ( "10.0.0.232" => "trust",
187 + * "10.0.0.233" => "trust" )
189 + * Trust all proxies (NOT RECOMMENDED!)
190 + * extforward.forwarder = ( "all" => "trust")
192 + * Note that "all" has precedence over specific entries,
193 + * so "all except" setups will not work.
195 + * Note: The effect of this module is variable on $HTTP["remotip"] directives and
196 + * other module's remote ip dependent actions.
197 + * Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP.
198 + * Things done in between these two moments will match on the real client's IP.
199 + * The moment things are done by a module depends on in which hook it does things and within the same hook
200 + * on whether they are before/after us in the module loading order
201 + * (order in the server.modules directive in the config file).
203 + * Tested behaviours:
205 + * mod_access: Will match on the real client.
208 + * In order to see the "real" ip address in access log ,
209 + * you'll have to load mod_extforward after mod_accesslog.
212 + * server.modules = (
219 + * seems causing segfault with mod_ssl and $HTTP{"socket"} directives
220 + * LEM 2006.05.26: Fixed segfault $SERVER["socket"] directive. Untested with SSL.
223 + * 2005.12.19 Initial Version
224 + * 2005.12.19 fixed conflict with conditional directives
225 + * 2006.05.26 LEM: IPv6 support
226 + * 2006.05.26 LEM: Fix a segfault with $SERVER["socket"] directive.
227 + * 2006.05.26 LEM: Run at uri_raw time, as we don't need to see the URI
228 + * In this manner, we run before mod_access and $HTTP["remoteip"] directives work!
229 + * 2006.05.26 LEM: Clean config_cond cache of tests whose result we probably change.
233 +/* plugin config for all request/connections */
242 + plugin_config **config_storage;
244 + plugin_config conf;
248 +/* context , used for restore remote ip */
251 + sock_addr saved_remote_addr;
252 + buffer *saved_remote_addr_buf;
256 +static handler_ctx * handler_ctx_init(sock_addr oldaddr, buffer *oldaddr_buf) {
257 + handler_ctx * hctx;
258 + hctx = calloc(1, sizeof(*hctx));
259 + hctx->saved_remote_addr = oldaddr;
260 + hctx->saved_remote_addr_buf = oldaddr_buf;
264 +static void handler_ctx_free(handler_ctx *hctx) {
268 +/* init the plugin data */
269 +INIT_FUNC(mod_extforward_init) {
271 + p = calloc(1, sizeof(*p));
275 +/* destroy the plugin data */
276 +FREE_FUNC(mod_extforward_free) {
277 + plugin_data *p = p_d;
281 + if (!p) return HANDLER_GO_ON;
283 + if (p->config_storage) {
286 + for (i = 0; i < srv->config_context->used; i++) {
287 + plugin_config *s = p->config_storage[i];
291 + array_free(s->forwarder);
295 + free(p->config_storage);
301 + return HANDLER_GO_ON;
304 +/* handle plugin config and check values */
306 +SETDEFAULTS_FUNC(mod_extforward_set_defaults) {
307 + plugin_data *p = p_d;
310 + config_values_t cv[] = {
311 + { "extforward.forwarder", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
312 + { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
315 + if (!p) return HANDLER_ERROR;
317 + p->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));
319 + for (i = 0; i < srv->config_context->used; i++) {
322 + s = calloc(1, sizeof(plugin_config));
323 + s->forwarder = array_init();
325 + cv[0].destination = s->forwarder;
327 + p->config_storage[i] = s;
329 + if (0 != config_insert_values_global(srv, ((data_config *)srv->config_context->data[i])->value, cv)) {
330 + return HANDLER_ERROR;
334 + return HANDLER_GO_ON;
339 +static int mod_extforward_patch_connection(server *srv, connection *con, plugin_data *p) {
341 + plugin_config *s = p->config_storage[0];
345 + /* LEM: The purpose of this seems to match extforward configuration
346 + stanzas that are not in the global context, but in some sub-context.
347 + I fear this will break contexts of the form HTTP['remote'] = .
348 + (in the form that they do not work with the real remote, but matching on
349 + the proxy instead).
351 + I'm not sure this this is all thread-safe. Is the p we are passed different
352 + for each connection or is it global?
354 + mod_fastcgi does the same, so it must be safe.
356 + /* skip the first, the global context */
357 + for (i = 1; i < srv->config_context->used; i++) {
358 + data_config *dc = (data_config *)srv->config_context->data[i];
359 + s = p->config_storage[i];
361 + /* condition didn't match */
362 + if (!config_check_cond(srv, con, dc)) continue;
365 + for (j = 0; j < dc->value->used; j++) {
366 + data_unset *du = dc->value->data[j];
368 + if (buffer_is_equal_string(du->key, CONST_STR_LEN("extforward.forwarder"))) {
379 +static void put_string_into_array_len(array *ary, const char *str, int len)
381 + data_string *tempdata;
384 + tempdata = data_string_init();
385 + buffer_copy_string_len(tempdata->value,str,len);
386 + array_insert_unique(ary,(data_unset *)tempdata);
389 + extract a forward array from the environment
391 +static array *extract_forward_array(buffer *pbuffer)
393 + array *result = array_init();
394 + if (pbuffer->used > 0) {
396 + /* state variable, 0 means not in string, 1 means in string */
398 + for (base = pbuffer->ptr, curr = pbuffer->ptr; *curr; curr++)
401 + if ( (*curr > '9' || *curr < '0') && *curr != '.' && *curr != ':' ) {
402 + /* found an separator , insert value into result array */
403 + put_string_into_array_len(result, base, curr-base);
404 + /* change state to not in string */
408 + if (*curr >= '0' && *curr <= '9')
410 + /* found leading char of an IP address, move base pointer and change state */
416 + /* if breaking out while in str, we got to the end of string, so add it */
419 + put_string_into_array_len(result, base, curr-base);
425 +#define IP_TRUSTED 1
426 +#define IP_UNTRUSTED 0
428 + check whether ip is trusted, return 1 for trusted , 0 for untrusted
430 +static int is_proxy_trusted(const char *ipstr, plugin_data *p)
432 + data_string* allds = (data_string *) array_get_element(p->conf.forwarder,"all");
434 + if (strcasecmp(allds->value->ptr,"trust") == 0)
437 + return IP_UNTRUSTED;
439 + return (data_string *)array_get_element(p->conf.forwarder,ipstr) ? IP_TRUSTED : IP_UNTRUSTED ;
442 +struct addrinfo *ipstr_to_sockaddr(const char *host)
444 + struct addrinfo hints, *res0;
446 + memset(&hints, 0, sizeof(hints));
447 + hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
449 + result = getaddrinfo(host, NULL, &hints, &res0);
452 + fprintf(stderr,"could not resolve hostname %s because %s\n", host,gai_strerror(result));
453 + if (result == EAI_SYSTEM)
454 + perror("The system error is ");
459 + fprintf(stderr, "Problem in resolving hostname %s: succeeded, but no information returned\n", host);
465 +static void clean_cond_cache(server *srv, connection *con)
469 + for (i = 0; i < srv->config_context->used; i++) {
470 + data_config *dc = (data_config *)srv->config_context->data[i];
472 + if (dc->comp == COMP_HTTP_REMOTEIP)
474 + con->cond_cache[i].result = COND_RESULT_UNSET;
475 + con->cond_cache[i].patterncount = 0;
480 +URIHANDLER_FUNC(mod_extforward_uri_handler) {
481 + plugin_data *p = p_d;
482 + data_string *forwarded = NULL;
484 + char b2[INET6_ADDRSTRLEN + 1];
488 + mod_extforward_patch_connection(srv, con, p);
490 +/* log_error_write(srv, __FILE__, __LINE__,"s","mod_extforward_uri_handler called\n"); */
492 + /* if the remote ip itself is not trusted , then do nothing */
494 + s = inet_ntop(con->dst_addr.plain.sa_family,
495 + con->dst_addr.plain.sa_family == AF_INET6 ?
496 + &(con->dst_addr.ipv6.sin6_addr) :
497 + &(con->dst_addr.ipv4.sin_addr),
501 + s = inet_ntoa(con->dst_addr.ipv4.sin_addr);
503 + if (IP_UNTRUSTED == is_proxy_trusted (s, p) )
504 + return HANDLER_GO_ON;
506 + /* log_error_write(srv, __FILE__, __LINE__,"s","remote address is trusted proxy, go on\n");*/
507 + if (con->request.headers &&
508 + ((forwarded = (data_string *) array_get_element(con->request.headers,"X-Forwarded-For")) ||
509 + (forwarded = (data_string *) array_get_element(con->request.headers, "Forwarded-For"))))
511 + /* log_error_write(srv, __FILE__, __LINE__,"s","found forwarded header\n");*/
512 + /* found forwarded for header */
514 + array *forward_array = extract_forward_array(forwarded->value);
515 + char *real_remote_addr = NULL;
517 + struct addrinfo *addrlist = NULL;
519 + /* Testing shows that multiple headers and multiple values in one header
520 + come in _reverse_ order. So the first one we get is the last one in the request. */
521 + for (i = forward_array->used - 1; i >= 0; i--)
523 + data_string *ds = (data_string *) forward_array->data[i];
525 +/* log_error_write(srv, __FILE__, __LINE__,"ss","forward",ds->value->ptr); */
526 + real_remote_addr = ds->value->ptr;
528 + /* LEM: What the hell is this about?
529 + We test whether the forwarded for IP is trusted?
530 + This looks like an ugly hack to handle multiple Forwarded-For's
531 + and avoid those set to our proxies, or something like that.
532 + My testing shows that reverse proxies add a new X-Forwarded-For header,
533 + and we should thus take the last one, which is the first one we see.
535 + The net result of the old code is that we use the first untrusted IP,
536 + or if all are trusted, the last trusted IP.
537 + That's crazy. So I've disabled this.
539 + /* check whether it is trusted */
540 +/* if (IP_UNTRUSTED == is_proxy_trusted(ds->value->ptr,p) ) */
542 +/* log_error_write(srv, __FILE__, __LINE__,"ss",ds->value->ptr," is trusted."); */
546 + /* bug ? bailing out here */
550 + if (real_remote_addr != NULL) /* parsed */
553 + struct addrinfo *addrs_left;
554 +/* log_error_write(srv, __FILE__, __LINE__,"ss","use forward",real_remote_addr); */
556 + addrlist = ipstr_to_sockaddr(real_remote_addr);
557 + s.plain.sa_family = AF_UNSPEC;
558 + for (addrs_left = addrlist; addrs_left != NULL;
559 + addrs_left = addrs_left -> ai_next)
561 + s.plain.sa_family = addrs_left->ai_family;
562 + if ( s.plain.sa_family == AF_INET )
564 + s.ipv4.sin_addr = ((struct sockaddr_in*)addrs_left->ai_addr)->sin_addr;
567 + else if ( s.plain.sa_family == AF_INET6 )
569 + s.ipv6.sin6_addr = ((struct sockaddr_in6*)addrs_left->ai_addr)->sin6_addr;
574 + s.ipv4.sin_addr.s_addr = inet_addr(real_remote_addr);
575 + s.plain.sa_family = (s.ipv4.sin_addr.s_addr == 0xFFFFFFFF) ? AF_UNSPEC : AF_INET;
577 + if (s.plain.sa_family != AF_UNSPEC)
579 + /* we found the remote address, modify current connection and save the old address */
580 + if (con->plugin_ctx[p->id]) {
581 + log_error_write(srv, __FILE__, __LINE__,"patching an already patched connection!");
582 + handler_ctx_free(con->plugin_ctx[p->id]);
583 + con->plugin_ctx[p->id] = NULL;
585 + /* save old address */
586 + con->plugin_ctx[p->id] = handler_ctx_init(con->dst_addr, con->dst_addr_buf);
587 + /* patch connection address */
589 + con->dst_addr_buf = buffer_init();
590 + buffer_copy_string(con->dst_addr_buf, real_remote_addr);
591 +/* log_error_write(srv, __FILE__, __LINE__,"ss","Set dst_addr_buf to ", real_remote_addr); */
592 + /* Now, clean the conf_cond cache, because we may have changed the results of tests */
593 + clean_cond_cache(srv, con);
596 + if (addrlist != NULL ) freeaddrinfo(addrlist);
599 + array_free(forward_array);
603 + return HANDLER_GO_ON;
606 +CONNECTION_FUNC(mod_extforward_restore) {
607 + plugin_data *p = p_d;
610 + /* LEM: This seems completely unuseful, as we are not using
611 + p->conf in this function. Furthermore, it brings a
612 + segfault if one of the conditional configuration
613 + blocks is "SERVER['socket'] == foo", because the
614 + socket is not known yet in the srv/con structure.
616 + /* mod_extforward_patch_connection(srv, con, p); */
618 + /* restore this connection's remote ip */
619 + if (con->plugin_ctx[p->id]) {
620 + handler_ctx *hctx = con->plugin_ctx[p->id];
621 + con->dst_addr = hctx->saved_remote_addr;
622 + buffer_free(con->dst_addr_buf);
623 + con->dst_addr_buf = hctx->saved_remote_addr_buf;
624 +/* log_error_write(srv, __FILE__, __LINE__,"s","LEM: Reset dst_addr_buf"); */
625 + handler_ctx_free(hctx);
626 + con->plugin_ctx[p->id] = NULL;
627 + /* Now, clean the conf_cond cache, because we may have changed the results of tests */
628 + clean_cond_cache(srv, con);
630 + return HANDLER_GO_ON;
634 +/* this function is called at dlopen() time and inits the callbacks */
636 +int mod_extforward_plugin_init(plugin *p) {
637 + p->version = LIGHTTPD_VERSION_ID;
638 + p->name = buffer_init_string("extforward");
640 + p->init = mod_extforward_init;
641 + p->handle_uri_raw = mod_extforward_uri_handler;
642 + p->handle_request_done = mod_extforward_restore;
643 + p->connection_reset = mod_extforward_restore;
644 + p->set_defaults = mod_extforward_set_defaults;
645 + p->cleanup = mod_extforward_free;
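Review bot: In `mod_extforward_uri_handler` the call `log_error_write(srv, __FILE__, __LINE__,"patching an already patched connection!");` puts the message where the other `log_error_write` calls on this page pass a format string, so its characters would be read as argument specifiers with no arguments behind them. It should read `log_error_write(srv, __FILE__, __LINE__, "s", "patching an already patched connection!");`. Separately, `handler_ctx_init` stores into `hctx` on the line directly after `calloc`, and `mod_extforward_set_defaults` does the same with `s`, in both cases without a NULL check. A guard such as `if (NULL == hctx) return NULL;`, with the caller skipping the address patch on NULL, would turn an allocation failure into a handled case instead of a crash on a request-driven path. `ipstr_to_sockaddr` is used only inside this file as far as the hunk shows, and could be declared `static`.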
653 Property changes on: src/mod_extforward.c
654 ___________________________________________________________________
658 Index: src/Makefile.am
659 ===================================================================
660 --- src/Makefile.am (.../tags/lighttpd-1.4.13) (revision 1718)
661 +++ src/Makefile.am (.../branches/lighttpd-1.4.x) (revision 1718)
663 mod_fastcgi_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
664 mod_fastcgi_la_LIBADD = $(common_libadd)
666 +lib_LTLIBRARIES += mod_extforward.la
667 +mod_extforward_la_SOURCES = mod_extforward.c
668 +mod_extforward_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
669 +mod_extforward_la_LIBADD = $(common_libadd)
671 lib_LTLIBRARIES += mod_access.la
672 mod_access_la_SOURCES = mod_access.c
673 mod_access_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
674 Index: src/network_writev.c
675 ===================================================================
676 --- src/network_writev.c (.../tags/lighttpd-1.4.13) (revision 1718)
677 +++ src/network_writev.c (.../branches/lighttpd-1.4.x) (revision 1718)
679 const size_t max_chunks = MAX_IOVEC;
680 #elif defined(UIO_MAXIOV) /* Linux x86 (glibc-2.2.5-233) */
681 const size_t max_chunks = UIO_MAXIOV;
682 -#elif (defined(__FreeBSD__) && __FreeBSD_version < 500000) /* FreeBSD 4.x */
683 +#elif (defined(__FreeBSD__) && __FreeBSD_version < 500000) || defined(__DragonFly__) /* FreeBSD 4.x */
684 const size_t max_chunks = 1024; /* UIO_MAXIOV value from sys/uio.h */
686 #error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"
687 Index: src/mod_expire.c
688 ===================================================================
689 --- src/mod_expire.c (.../tags/lighttpd-1.4.13) (revision 1718)
690 +++ src/mod_expire.c (.../branches/lighttpd-1.4.x) (revision 1718)
695 - * '(access|modification) [plus] {<num> <type>}*'
696 + * '(access|now|modification) [plus] {<num> <type>}*'
698 * e.g. 'access 1 years'
701 if (0 == strncmp(ts, "access ", 7)) {
704 + } else if (0 == strncmp(ts, "now ", 4)) {
707 } else if (0 == strncmp(ts, "modification ", 13)) {
714 - /* the rest is just <number> (years|months|days|hours|minutes|seconds) */
715 + /* the rest is just <number> (years|months|weeks|days|hours|minutes|seconds) */
720 } else if (slen == 6 &&
721 0 == strncmp(ts, "months", slen)) {
722 num *= 60 * 60 * 24 * 30;
723 + } else if (slen == 5 &&
724 + 0 == strncmp(ts, "weeks", slen)) {
725 + num *= 60 * 60 * 24 * 7;
726 } else if (slen == 4 &&
727 0 == strncmp(ts, "days", slen)) {
730 num *= 60 * 60 * 24 * 30 * 12;
731 } else if (0 == strcmp(ts, "months")) {
732 num *= 60 * 60 * 24 * 30;
733 + } else if (0 == strcmp(ts, "weeks")) {
734 + num *= 60 * 60 * 24 * 7;
735 } else if (0 == strcmp(ts, "days")) {
737 } else if (0 == strcmp(ts, "hours")) {
738 Index: src/network_freebsd_sendfile.c
739 ===================================================================
740 --- src/network_freebsd_sendfile.c (.../tags/lighttpd-1.4.13) (revision 1718)
741 +++ src/network_freebsd_sendfile.c (.../branches/lighttpd-1.4.x) (revision 1718)
747 +# if defined(__FreeBSD__) || defined(__DragonFly__)
748 /* FreeBSD 4.7, 4.9 defined it in sys/uio.h only if _KERNEL is specified */
749 # define UIO_MAXIOV 1024
751 Index: src/http_auth.c
752 ===================================================================
753 --- src/http_auth.c (.../tags/lighttpd-1.4.13) (revision 1718)
754 +++ src/http_auth.c (.../branches/lighttpd-1.4.x) (revision 1718)
759 + if (p->conf.auth_ldap_allow_empty_pw != 1 && pw[0] == '\0')
764 buffer_copy_string_buffer(p->ldap_filter, p->conf.ldap_filter_pre);
765 buffer_append_string_buffer(p->ldap_filter, username);
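Review bot: The new `auth_ldap_allow_empty_pw` test carries no comment saying why empty passwords are refused by default, and the reason is not obvious to someone who later enables the option. Suggest adding above the `if`: `/* an empty password turns an LDAP simple bind into an unauthenticated bind, which many servers report as success; refuse it unless explicitly allowed */`. The statement guarded by the `if` is not among the visible lines, so this assumes it rejects the login. The same warning belongs next to `auth.backend.ldap.allow-empty-pw` in the user documentation, which is not touched in the visible part of this diff.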
766 Index: src/http_auth.h
767 ===================================================================
768 --- src/http_auth.h (.../tags/lighttpd-1.4.13) (revision 1718)
769 +++ src/http_auth.h (.../branches/lighttpd-1.4.x) (revision 1718)
771 buffer *auth_ldap_filter;
772 buffer *auth_ldap_cafile;
773 unsigned short auth_ldap_starttls;
774 + unsigned short auth_ldap_allow_empty_pw;
776 unsigned short auth_debug;
778 Index: src/mod_auth.c
779 ===================================================================
780 --- src/mod_auth.c (.../tags/lighttpd-1.4.13) (revision 1718)
781 +++ src/mod_auth.c (.../branches/lighttpd-1.4.x) (revision 1718)
783 PATCH(auth_ldap_filter);
784 PATCH(auth_ldap_cafile);
785 PATCH(auth_ldap_starttls);
786 + PATCH(auth_ldap_allow_empty_pw);
789 PATCH(ldap_filter_pre);
791 PATCH(auth_ldap_cafile);
792 } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.starttls"))) {
793 PATCH(auth_ldap_starttls);
794 + } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("auth.backend.ldap.allow-empty-pw"))) {
795 + PATCH(auth_ldap_allow_empty_pw);
800 { "auth.backend.ldap.starttls", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
801 { "auth.backend.ldap.bind-dn", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
802 { "auth.backend.ldap.bind-pw", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 10 */
803 + { "auth.backend.ldap.allow-empty-pw", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION },
804 { "auth.backend.htdigest.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
805 { "auth.backend.htpasswd.userfile", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION },
806 { "auth.debug", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 13 */
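Review bot: The index comment on the unchanged `auth.debug` entry still reads `/* 13 */`, but inserting `auth.backend.ldap.allow-empty-pw` above it moves that entry to 14, as `cv[14].destination = &(s->auth_debug);` in the next hunk confirms. Update the comment to `/* 14 */` so the table can still be cross-checked by eye against the hard-coded `cv[N]` assignments. A mismatch between the two would store a value through the wrong destination pointer. Adding new options just before the terminating entry would avoid renumbering the existing ones.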
807 @@ -359,11 +363,12 @@
808 cv[6].destination = s->auth_ldap_filter;
809 cv[7].destination = s->auth_ldap_cafile;
810 cv[8].destination = &(s->auth_ldap_starttls);
811 - cv[9].destination = s->auth_ldap_binddn;
812 - cv[10].destination = s->auth_ldap_bindpw;
813 - cv[11].destination = s->auth_htdigest_userfile;
814 - cv[12].destination = s->auth_htpasswd_userfile;
815 - cv[13].destination = &(s->auth_debug);
816 + cv[9].destination = s->auth_ldap_binddn;
817 + cv[10].destination = s->auth_ldap_bindpw;
818 + cv[11].destination = &(s->auth_ldap_allow_empty_pw);
819 + cv[12].destination = s->auth_htdigest_userfile;
820 + cv[13].destination = s->auth_htpasswd_userfile;
821 + cv[14].destination = &(s->auth_debug);
823 p->config_storage[i] = s;
824 ca = ((data_config *)srv->config_context->data[i])->value;
825 Index: src/http-header-glue.c
826 ===================================================================
827 --- src/http-header-glue.c (.../tags/lighttpd-1.4.13) (revision 1718)
828 +++ src/http-header-glue.c (.../branches/lighttpd-1.4.x) (revision 1718)
830 char dst[INET6_ADDRSTRLEN];
832 log_error_write(srv, __FILE__, __LINE__,
833 - "SSSS", "NOTICE: getnameinfo failed: ",
834 + "SSS", "NOTICE: getnameinfo failed: ",
835 strerror(errno), ", using ip-address instead");
837 buffer_append_string(o,
840 if (NULL == (he = gethostbyaddr((char *)&our_addr.ipv4.sin_addr, sizeof(struct in_addr), AF_INET))) {
841 log_error_write(srv, __FILE__, __LINE__,
842 - "SdSS", "NOTICE: gethostbyaddr failed: ",
843 + "SdS", "NOTICE: gethostbyaddr failed: ",
844 h_errno, ", using ip-address instead");
846 buffer_append_string(o, inet_ntoa(our_addr.ipv4.sin_addr));
847 Index: src/mod_fastcgi.c
848 ===================================================================
849 --- src/mod_fastcgi.c (.../tags/lighttpd-1.4.13) (revision 1718)
850 +++ src/mod_fastcgi.c (.../branches/lighttpd-1.4.x) (revision 1718)
852 buffer *key; /* like .php */
857 fcgi_extension_host **hosts;
860 fe = calloc(1, sizeof(*fe));
862 fe->key = buffer_init();
863 + fe->last_used_ndx = -1;
864 buffer_copy_string_buffer(fe->key, key);
867 @@ -2365,6 +2367,7 @@
868 * check how much we have to read
870 if (ioctl(hctx->fd, FIONREAD, &toread)) {
871 + if (errno == EAGAIN) return 0;
872 log_error_write(srv, __FILE__, __LINE__, "sd",
873 "unexpected end-of-file (perhaps the fastcgi process died):",
875 @@ -2375,12 +2378,23 @@
879 + chunk *cq_first = hctx->rb->first;
880 + chunk *cq_last = hctx->rb->last;
882 b = chunkqueue_get_append_buffer(hctx->rb);
883 buffer_prepare_copy(b, toread + 1);
885 /* append to read-buffer */
886 if (-1 == (r = read(hctx->fd, b->ptr, toread))) {
887 + if (errno == EAGAIN) {
888 + /* roll back the last chunk allocation,
889 + and continue on next iteration */
890 + buffer_free(hctx->rb->last->mem);
891 + free(hctx->rb->last);
892 + hctx->rb->first = cq_first;
893 + hctx->rb->last = cq_last;
896 log_error_write(srv, __FILE__, __LINE__, "sds",
897 "unexpected end-of-file (perhaps the fastcgi process died):",
898 fcgi_fd, strerror(errno));
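Review bot: The EAGAIN rollback frees `hctx->rb->last` and restores `first`/`last` from the saved pointers, but nothing resets the link from the previous tail. If `chunkqueue_get_append_buffer()` chained the new chunk through `cq_last->next`, that pointer now refers to freed memory, and the next append or walk of the queue would touch it. Adding `if (cq_last) cq_last->next = NULL;` after `hctx->rb->last = cq_last;` would close that gap. Freeing the chunk by hand also bypasses whatever bookkeeping the chunkqueue keeps, so a small helper next to the chunkqueue code would be a safer home for this rollback. The statement that leaves the function after the rollback is not among the visible lines.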
899 @@ -2393,6 +2407,7 @@
900 b->used = r + 1; /* one extra for the fake \0 */
901 b->ptr[b->used - 1] = '\0';
903 + if (errno == EAGAIN) return 0;
904 log_error_write(srv, __FILE__, __LINE__, "ssdsb",
905 "unexpected end-of-file (perhaps the fastcgi process died):",
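Review bot: The added `if (errno == EAGAIN) return 0;` appears to sit in a branch where no call has just failed, so `errno` may hold a stale value from an earlier, unrelated call. The line before it in the hunk is the buffer termination, and the branch header is not visible. If this is the "nothing to read" branch after a successful `ioctl(FIONREAD)`, whether to retry or report a dead backend should not depend on `errno`. A one-line comment naming the call whose error is being tested would make the intent checkable.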
907 @@ -2499,6 +2514,8 @@
911 + if (packet.len == 0) break;
913 log_error_write(srv, __FILE__, __LINE__, "sb",
914 "FastCGI-stderr:", packet.b);
916 @@ -2979,17 +2996,23 @@
920 - /* get best server */
921 - for (k = 0, ndx = -1; k < hctx->ext->used; k++) {
922 - host = hctx->ext->hosts[k];
923 + /* check if the next server has no load. */
924 + ndx = hctx->ext->last_used_ndx + 1;
925 + if(ndx >= hctx->ext->used || ndx < 0) ndx = 0;
926 + host = hctx->ext->hosts[ndx];
927 + if (host->load > 0) {
928 + /* get backend with the least load. */
929 + for (k = 0, ndx = -1; k < hctx->ext->used; k++) {
930 + host = hctx->ext->hosts[k];
932 - /* we should have at least one proc that can do something */
933 - if (host->active_procs == 0) continue;
934 + /* we should have at least one proc that can do something */
935 + if (host->active_procs == 0) continue;
937 - if (used == -1 || host->load < used) {
939 + if (used == -1 || host->load < used) {
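Review bot: The new round-robin shortcut accepts `hctx->ext->hosts[ndx]` whenever its `load` is 0, without the `host->active_procs == 0` test that the least-load loop below still applies, so a backend with no running process can be selected. Changing the fallback condition to `if (host->active_procs == 0 || host->load > 0) {` would keep the two paths consistent. The shortcut also reads `hosts[0]` before anything visible confirms `hctx->ext->used > 0`. Parts of this hunk are not shown, so either check may already exist on a line outside the view.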
948 @@ -3005,6 +3028,7 @@
949 return HANDLER_FINISHED;
952 + hctx->ext->last_used_ndx = ndx;
953 host = hctx->ext->hosts[ndx];
957 ===================================================================
958 --- src/server.c (.../tags/lighttpd-1.4.13) (revision 1718)
959 +++ src/server.c (.../branches/lighttpd-1.4.x) (revision 1718)
963 for (i = 0; i < FILE_CACHE_MAX; i++) {
964 + srv->mtime_cache[i].mtime = (time_t)-1;
965 srv->mtime_cache[i].str = buffer_init();
968 @@ -1231,6 +1232,19 @@
971 /* network_close() will cleanup after us */
973 + if (srv->srvconf.pid_file->used &&
974 + srv->srvconf.changeroot->used == 0) {
975 + if (0 != unlink(srv->srvconf.pid_file->ptr)) {
976 + if (errno != EACCES && errno != EPERM) {
977 + log_error_write(srv, __FILE__, __LINE__, "sbds",
978 + "unlink failed for:",
979 + srv->srvconf.pid_file,
988 @@ -1335,7 +1349,8 @@
991 if (srv->srvconf.pid_file->used &&
992 - srv->srvconf.changeroot->used == 0) {
993 + srv->srvconf.changeroot->used == 0 &&
994 + 0 == graceful_shutdown) {
995 if (0 != unlink(srv->srvconf.pid_file->ptr)) {
996 if (errno != EACCES && errno != EPERM) {
997 log_error_write(srv, __FILE__, __LINE__, "sbds",
998 Index: doc/extforward.txt
999 ===================================================================
1000 --- doc/extforward.txt (.../tags/lighttpd-1.4.13) (revision 0)
1001 +++ doc/extforward.txt (.../branches/lighttpd-1.4.x) (revision 1718)
1012 +Comman Kang <comman.kang at gmail.com> sent me: ::
1016 + I've made something rough but similar to mod_extract_forwarded for
1017 + Apache. This module will extract the client's "real" ip from
1018 + X-Forwarded-For header which is added by squid or other proxies. It might be
1019 + useful for servers behind reverse proxy servers.
1021 + However, this module is causing segfault with mod_ssl or
1022 + $HTTP{''socket"} directive, crashing in config_check_cond while patching
1023 + connection , I do not understand architecture of the lighttpd well, does it
1024 + need to call patch_connection in either handle_request_done and
1025 + connection_reset ?
1027 +Lionel Elie Mamane <lionel@mamane.lu> improved the patch: ::
1029 + I've taken lighttpd-1.4.10-mod_extforward.c from the wiki and I've
1030 + extended it. Here is the result.
1036 + - Fixed at least one segfault with SERVER['socket']
1038 + - Arrange things so that a url.access-deny under scope of a
1039 + HTTP['remoteip'] condition works well :)
1041 + I've commented the code in some places, mostly where I wasn't sure
1042 + what was going on, or I didn't see what the original author meant to
1048 +extforward.forwarder
1049 + Sets trust level of proxy IP's.
1055 + extforward.forwarder = ("10.0.0.232" => "trust")
1057 + will translate ip addresses coming from 10.0.0.232 to real ip addresses extracted from X-Forwarded-For: HTTP request header.
1062 +The effect of this module is variable on $HTTP["remotip"] directives and other module's remote ip dependent actions.
1063 +Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP.
1064 +Things done in between these two moments will match on the real client's IP.
1065 +The moment things are done by a module depends on in which hook it does things and within the same hook
1066 +on whether they are before/after us in the module loading order
1067 +(order in the server.modules directive in the config file).
1071 + mod_access: Will match on the real client.
1074 + In order to see the "real" ip address in access log ,
1075 + you'll have to load mod_extforward after mod_accesslog.
1078 + server.modules = (
1087 +Trust proxy 10.0.0.232 and 10.0.0.232 ::
1089 + extforward.forwarder = (
1090 + "10.0.0.232" => "trust",
1091 + "10.0.0.233" => "trust",
1094 +Trust all proxies (NOT RECOMMENDED!) ::
1096 + extforward.forwarder = ( "all" => "trust")
1098 +Note that "all" has precedence over specific entries, so "all except" setups will not work.
1099 Index: doc/Makefile.am
1100 ===================================================================
1101 --- doc/Makefile.am (.../tags/lighttpd-1.4.13) (revision 1718)
1102 +++ doc/Makefile.am (.../branches/lighttpd-1.4.x) (revision 1718)
1114 configuration.html \
1116 fastcgi-state.html \
1120 ===================================================================
1121 --- NEWS (.../tags/lighttpd-1.4.13) (revision 1718)
1122 +++ NEWS (.../branches/lighttpd-1.4.x) (revision 1718)
1128 + * added mod_extforward module [1665]
1129 + * added HTTPS=on to the environment of cgi scripts (#861)
1130 + * fix handling of 303 #1045
1131 + * made the configure check for lua more portable [1677]
1132 + * fix http 500 errors (colin.stephen/at/o2.com) #1041
1133 + * prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656]
1134 + * ignore empty packets from STDERR stream. #998
1135 + * fix a crash for files with an mtime of 0 reported by cubiq on irc [1519]
1136 + * allow empty passwords with ldap (Jörg Sonnenberger) [1516]
1137 + * mod_scgi.c segfault fix #964
1138 + * Added round-robin support to mod_fastcgi [1500]
1139 + * Handle DragonFlyBSD the same way as Freebsd (Jörg Sonnenberger) [1492]
1140 + * added now and weeks support to mod_expire. #943
1141 + * fix cpu hog in certain requests [1473]
1142 + * fix for handling hostnames with trailing dot [1406]
1144 - 1.4.13 - 2006-10-09
1146 * added initgroups in spawn-fcgi (#871)
1148 - 1.4.11 - 2006-03-09
1150 * added ability to specify which ip address spawn-fci listens on
1152 + (agkr/at/pobox.com)
1153 * added mod_flv_streaming to streaming Flash Movies efficiently
1154 * fixed handling of error codes returned by mod_dav_svn behing a
1157 * fixed local source retrieval on windows
1159 * fixed hanging cgi if remote side is dieing while reading
1160 - from the pipe (sandy@meebo.com)
1161 + from the pipe (sandy/at/meebo.com)
1163 - 1.4.10 - 2006-02-08
1165 @@ -84,23 +101,23 @@
1167 - 1.4.9 - 2006-01-14
1169 - * added server.core-files option (sandy <sandy@meebo.com>)
1170 + * added server.core-files option (sandy <sandy/at/meebo.com>)
1171 * added docs for mod_status
1172 - * added mod_evasive to limit the number of connections by IP (<w1zzard@techpowerup.com>)
1173 + * added mod_evasive to limit the number of connections by IP (<w1zzard/at/techpowerup.com>)
1174 * added the power-magnet to mod_cml
1175 * added internal statistics to mod_fastcgi
1176 * added server.statistics-url to get internal statistics from mod_status
1177 * added support for conditional range-requests through If-Range
1178 * added static building via scons
1179 - * fixed 100% cpu loops in mod_cgi ("sandy" <sjen@cs.stanford.edu>)
1180 - * fixed handling for secure-download.timeout (jamis@37signals.com)
1181 - * fixed IE bug in content-charset in the output of mod_dirlisting (sniper@php.net)
1182 - * fixed typos and language in the docs (ryan-2005@ryandesign.com)
1183 - * fixed assertion in mod_cgi on HEAD request is Content-Length (<sandy@meebo.com>)
1184 + * fixed 100% cpu loops in mod_cgi ("sandy" <sjen/at/cs.stanford.edu>)
1185 + * fixed handling for secure-download.timeout (jamis/at/37signals.com)
1186 + * fixed IE bug in content-charset in the output of mod_dirlisting (sniper/at/php.net)
1187 + * fixed typos and language in the docs (ryan-2005/at/ryandesign.com)
1188 + * fixed assertion in mod_cgi on HEAD request is Content-Length (<sandy/at/meebo.com>)
1189 * fixed handling if equal but duplicate If-Modified-Since request headers
1190 * fixed endless loops in mod_fastcgi if backend is dead
1191 * fixed Depth: 1 handling in PROPFIND requests on empty dirs
1192 - * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <sniper@iki.fi>)
1193 + * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen <sniper/at/iki.fi>)
1194 * fixed initial bind to a unix-domain socket through server.bind
1195 * fixed handling of lowercase filesystems
1196 * fixed duplicate request headers cause by mod_setenv
1197 @@ -108,12 +125,12 @@
1198 - 1.4.8 - 2005-11-23
1200 * added auto-reconnect to ldap-server in mod_auth
1201 - (joerg@netbsd.org)
1202 + (joerg/at/netbsd.org)
1203 * changed auth.ldap-cafile to be optional
1204 - (joerg@netbsd.org)
1205 + (joerg/at/netbsd.org)
1206 * added strip_request_uri in mod_fastcgi
1207 * added more X-* headers to mod_proxy
1208 - (Ben Grimm <bengrimm@gmail.com>)
1209 + (Ben Grimm <bengrimm/at/gmail.com>)
1210 * added 'debug' to simple-vhost to suppress the
1211 (mod_simple_vhost.c.157) No such file or directory /servers/ww.lighttpd.net/pages/
1213 @@ -124,11 +141,11 @@
1214 * fixed encoding the filenames in PROPFIND in mod_webdav
1215 * fixed range request handling in network_writev
1216 * fixed retry on connect error in mod_fastcgi
1217 - (Robert G. Jakabosky <bobby@alphatrade.com>)
1218 + (Robert G. Jakabosky <bobby/at/alphatrade.com>)
1219 * fixed possible crash in mod_webdav if sqlite3 support
1220 is available but not use
1221 * fixed fdvent-handler init if server.max-worker was used
1222 - (Siddharth Vijayakrishnan <mail@bluefireworks.net>)
1223 + (Siddharth Vijayakrishnan <mail/at/bluefireworks.net>)
1224 * fixed missing cleanup in mysql_vhost
1225 * fixed assert() in "connections.c:962:
1226 connection_handle_read_state: Assertion 'c->mem->used' failed."
1228 * fixed unsigned/signed comparisions
1229 * fixed streaming in mod_cgi
1230 * fixed possible overflow in password-salt handling
1231 - (reported on slashdot by james-web@and.org)
1232 + (reported on slashdot by james-web/at/and.org)
1233 * fixed server-traffic-limit if connection limit is not set
1235 - 1.4.7 - 2005-11-02
1237 * added support for %I in mod_accesslog
1238 * added better compat to Apache for ?auto in mod_status
1239 * added support for userdirs without a entry in /etc/passwd in mod_userdir
1240 - (rob@inversepath.com)
1241 + (rob/at/inversepath.com)
1242 * added startup-time selectable network-backend
1243 * added location of upload-files to config as array
1244 * added webdav.log-xml for logging xml-content in mod_webdav
1246 Property changes on: .
1247 ___________________________________________________________________
1249 + a98e19e4-a712-0410-8832-6551a15ffc53:/local/branches/lighttpd-1.4.x:1557