This file summarizes the fixes and enhancements that have been made to the DECthreads HTTP server through the various 2.x versions. 2.2-alpha5 (15-DEC-1997) Modified http_startup.com to check for presence of http_systartup.com and invoke if found. This check is made after standard logicals and installs are done but before daemon process is released to begin execution. Use http_systartup.com for site-specific setup such as installing the authenticator and locally written scripts. Support multiple rules/line (up to 8) in the configuration file, separating rules with a single semi-colon (semi-colon must be preceded by whitespace). The config file pre-processor still works on the entire logical line so you can effectively have multi-rule macro expansion. Modify html_preproc.c to allow use from CGILIB-based scripts. Modifications were made to scriptlib.h to support required buffering of data: net_link_set_mode() now interprets bit 1 of its agument as a 'save output' indicator and new routine net_link_saved_output() which returns a pointer to the buffered output data. Add multi-home configuration options for http_paths.conf/servermaint, mainly as a way to demonstrate multiple rules/line. Also add HTML pre-processor support to servermaint.c, which is demonstrated in the 'environment' section of http_main.servermaint. Make access log extension flags apply per-file. Fix bug in servermaint.c that caused extraneous lines to be inserted when a .iterate directive in the configuration file had no accompanying .next directives. --- Modified http_startup.com to install CGI_SYMBOLS image shared if present. Fix bugs in tserver_tcpshr_install.com's file scan logic. Modify md5_authenticator to work with pre-6.1 systems. Modified statistics counters interface in file counters.c to allow more efficient update of counters (fewer mutex operations). Also added keep-alive offered counter that counts total number of requests with connection keep-alive headers. Other files affected: http_server.c, manage_request.c, http_execute.c. Modified client_limit.c to include estimate of potential pagefile consumption by MST's in determining client thread limit. New routine was added to message_service.h to support this calculation. Modified descrip.mms so that build_*.com files in the [.base_code] directory will turn on verify while compiling modules. The link support procedures (e.g. link_server.com) were modified to turn off verify during their execution. -- Added new authenticator: MD5_authenticator.c, which builds upon the CEL authenticator with Dave Smith's (smith@nwoca.ohio.gov) ACL enhancements and embryonic support for MD5 digest authentication. The MD5 support is still under development (i.e. is doesn't work), it just establises the framework used. New support files: authacl.c, md5_dgst.c, md5.h, md5_locl.h. Perform miscelaneous fixes to preproc_mst.c and access_db.c for building under VAXC. Fix user_info.c to enable privileges when using CMEXEC serialization. Modified authcom.c to include dummy URI: header in message sent to the authenticator. This exposed a longstanding bug in authlib which was also fixed. Any custom authenticators must be rebuilt with the new authlib to work properly with 2.2-alpha3. Modified authcom.c and protect.c to use new header processing code. Update VMSHELPGATE.C to include Jim Winkles modifications: detect embedded references and make into HREFs. --- Add preproc_mst.exe to 'core' server images and make it the default presentation script for .htmlx files. Support extended format access log. In extended mode, access log lines have 2 additional fields (referer and user-agent) appended to the end of the access line. Modifications were made to rule_file.c and http_execute.c to support an additional argument to the accesslog command, new format is "accesslog filename [ext-flag]" where ext-flag is an integer indicating the extension option (currently only option 1 is defined). The http_main.conf and .servermaint file were updated to include the new option. Introduced C++ classes for supporting the WWWEXEC script environment (analogues to scriptlib and cgilib). See cgienv.hxx, scriptlink.hxx, and testcgi.cxx for further information. Modify confifile.html to include rule file pre-processor rules. Modify user_info.c to support 2 methods for making SYS$GETUAI calls, which requires placing process in an elevated privilege state. The original method was to give the thread highest priority (FIFO policy), set SYSPRV, call $GETUAI, clear SYSPRV and revert thread scheduler parameters. The new method is to give the process CMEXEC privilege and make the $GETUAI call via SYS$CMEXEC. The server will only use the new method if the server process has CMEXEC, so HTTP_STARTUP.COM was modified as well to install the server image with CMEXEC as well as SYSPRV (still needed to listen on privileged ports). Modified script_execute.c to raise error report level to client errors. Add hack to user_register.c and user_list.template to allow deletion of entry by user. Modified cgifork_mst.c to close temporary content file prior to forking, avoiding race condition with spawned process. --- Miscellaneous fix in authlib.c under Digital Unix. Fix problem in send_document.c which caused negative sizes to be reported. Modify html_preproc.c to limit the size of file processed to 60,000 bytes or less for the MST variant and 100,000 bytes or less for script-based. Fix bug in tm_realloc() function in tmemory.c. Tweak http_paths.conf so the 'additional rules' section actually executes after the user directory and script path setup. Add missing termination to newtrace response message in manage_request.c. --- Fix bugs in usermap rule, file load_dynamic.c. Fix bug in free routine in tmemory.c, bug only encountered in situations where last block on free list was allocated completely with no fragmentation followed by freeing of a block. Revamp how server processes HTTP request headers. Session control block was extended to include summary information about which headers are present in request. Multiple scans for different header labels can be done more efficiently by checking a bitmask. The new files http_header.c/.h define support routines for these new structures. Files affected: http_server.c, http_execute.c, send_document.c, session.h. (todo: protect.c). Modify rule_file.c and http_execute.c to support cname-based virtual hosting (home-page based on domain name specified in host: request header). Only works with browsers that supply the host: field. To create a cname-based virtual host, specify localaddress rules the same as you would do for real multi-homed hosts except specify 'cname' as the IP address, e.g: localaddress cname www.wallyworld.com map /* /ww/* # prefix all with ww. localaddress cname www.walldrug.com map /* /sd/* # prefix with sd (south dakota) localaddress 2.1a (14-SEP-1995) Add script_manage to makefile for digital unix. Include TCP option when invoking link_script.com on servermaint.exe. Fix problem with preproc_mst and macro behaviour of VAX C --- Fix problem with auto-detect of directories when using external browser and internal browser disabled. Remove extraneous printf statements in omnimap_mst.c ('loc: ...' lines being writting to http_startup.log). Fix bug in cgilib.c, cgi_write() incorrectly handled large buffers. Modify wwwpost.com to work with pre-V6.1 DECnet (shorten logical name). Add identification directive to http_server.opt. Make tserver_tcpshr_install.com more complete. 2.1 (25-AUG-1995) More tweaks to servermaint scripts, provide 'menu bar' at top of each configuration file. Add protect rules to http_paths.servermaint's rule list for additional rules. 2.1-alpha4 (17-AUG-1996) Extensive rework of configuration files for use with servermaint script. Add servermaint support to http_suffixes.conf, http_directory.conf and http_paths.conf as well as introduce new file http_manage.conf. Remove default PUT method definition from rule_file.c and make pre-processor symbol tables independant for each include file. Fix bug in servermaint that limited iterated .authorize list to 2 entries. Add configuration file pre-processor to eternal directory browser. --- Fix bugs in servermaint.c related to unitialized memory and memory allocation. Plug security holes in WWWPOST.COM (meta-character problems). Add new configuration rule for adding site-defined methods to server as scripts: "METHOD method script". 'Script' is VMS specification of script to handle method, following same conventions as search scripts. Modified rule_file.c, http_execute.c, and presentation_map.c. Re-implement the PUT method support as an implicit "METHOD PUT WWWPOST.COM" rule executed prior to reading the rule file. You may define your own PUT method script to override this definition. Move WWWPOST to www_system: as a consequence of this change. Update configfile.html/configfile_toc.htmlx to include new METHOD and MANAGE rules. --- Add tag to scriptserver protocol. This tag allows designated (i.e. 'known') scripts to temporarily re-define the management port to permit the script to send management commands to the server. The support routines for the new functionality are in new file [.base_code]script_manage.c, see comments at the top of that file for details. Add MANAGE rule to configuration file ruleset: MANAGE HOST host-address ! address format: nnn.nnn.nnn.nnn MANAGE PORT port-number MANAGE SCRIPT script-name [allowed-commands] The manage host and port override HTTP_MANAGE_PORT and HTTP_MANAGE_HOST if present. A manage script is used to designate the scripts that may use the tag. Updated servermaint script and http_main.conf to incorporate new manage functions. Permit HTTP_MANAGE_HOST environment variable to be specified in dot format. The new MANAGE HOST configuration file rule is the preferred method to set the manage host. Modify link_tcpshare.com so that P3, if non-null, specifies additional files to include in the link. Change descrip.mms files to put 'prefix_all' definition in .first block so that it only appears once in generated build*.com files. Fix bug in interpretation of PORT rule in rule_file.c. Ensure global lock around SYS$GETUAI calls. Modify tserver_tcp.c to more fully initialize the dummy client context on manage port operations (needed for script manage functionality). Make default DECC$REENTRANCY 1 when compiled with DEC C. --- Modify http_server.c to ignore extraneous initial newlines when reading requests on keepalive threads. Netscape has been observed to send an extra newline following content in form posts. Relax requirement that first line returned by CGI mode script be exclusively "location:" or "content-type:". If a status: header and extra headers are supplied by cgi script, status header is truncated to 35 character or padded with spaces to this length. Modify rule_file.c to include a simple processor for configuration files. Pre-processor directives start with a period: .define symbol value ... .expand [string|$symbol] {string|$symbols} .ignore .directive {.directive} .iterate [string|$dumarg] {string|$dumarg} .next arg {arg} The pre-processor is provided to facilitate editting of the configuration file by server scripts. Add new script servermaint.c and supporting files, this script provides form-based editing configuration files via pre-processor rules and template files. Script creates private (.ignore) pre-processor directives .authorize and .form. Modify http_server.com to make http_main.conf the default configuration file name instead of http_sample_home.conf. Http_main.conf combines the function of http_sample_home.conf and http_params.conf and is oriented toward use with the servermaint script. Modify mbxnet_acp.c to exit when http server sub-process dies. Fix bugs in webbook_shelf.c that causes improper freeing of storage. 2.0a-alpha1 (28-MAY-1996) Update html_preproc.c to support inclusion of only part of file delimited by ,