[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
[1124]
[1125]
[1126]
[1127]
[1128]
[1129]
[1130]
[1131]
[1132]
[1133]
[1134]
[1135]
[1136]
[1137]
[1138]
[1139]
[1140]
[1141]
[1142]
[1143]
[1144]
[1145]
[1146]
[1147]
[1148]
[1149]
[1150]
[1151]
[1152]
[1153]
[1154]
[1155]
[1156]
[1157]
[1158]
[1159]
[1160]
[1161]
[1162]
[1163]
[1164]
[1165]
[1166]
[1167]
[1168]
[1169]
[1170]
[1171]
[1172]
[1173]
[1174]
[1175]
[1176]
[1177]
[1178]
[1179]
[1180]
[1181]
[1182]
[1183]
[1184]
[1185]
[1186]
[1187]
[1188]
[1189]
[1190]
[1191]
[1192]
[1193]
[1194]
[1195]
[1196]
[1197]
[1198]
[1199]
[1200]
[1201]
[1202]
[1203]
[1204]
[1205]
[1206]
[1207]
[1208]
[1209]
[1210]
[1211]
[1212]
[1213]
[1214]
[1215]
[1216]
[1217]
[1218]
[1219]
[1220]
[1221]
[1222]
[1223]
[1224]
[1225]
[1226]
[1227]
[1228]
[1229]
[1230]
[1231]
[1232]
[1233]
[1234]
[1235]
[1236]
[1237]
[1238]
[1239]
[1240]
[1241]
[1242]
[1243]
[1244]
[1245]
[1246]
[1247]
[1248]
[1249]
[1250]
[1251]
[1252]
[1253]
[1254]
[1255]
[1256]
[1257]
[1258]
[1259]
[1260]
[1261]
[1262]
[1263]
[1264]
[1265]
[1266]
[1267]
[1268]
[1269]
[1270]
[1271]
[1272]
[1273]
[1274]
[1275]
[1276]
[1277]
[1278]
[1279]
[1280]
[1281]
[1282]
[1283]
[1284]
[1285]
[1286]
[1287]
[1288]
[1289]
[1290]
[1291]
[1292]
[1293]
[1294]
[1295]
[1296]
[1297]
[1298]
[1299]
[1300]
[1301]
[1302]
[1303]
[1304]
[1305]
[1306]
[1307]
[1308]
[1309]
[1310]
[1311]
[1312]
[1313]
[1314]
[1315]
[1316]
[1317]
[1318]
[1319]
[1320]
[1321]
[1322]
[1323]
[1324]
[1325]
[1326]
[1327]
[1328]
[1329]
[1330]
[1331]
[1332]
[1333]
[1334]
[1335]
[1336]
[1337]
[1338]
[1339]
[1340]
[1341]
[1342]
[1343]
[1344]
[1345]
[1346]
[1347]
[1348]
[1349]
[1350]
[1351]
[1352]
[1353]
[1354]
[1355]
[1356]
[1357]
[1358]
[1359]
[1360]
[1361]
[1362]
[1363]
[1364]
[1365]
[1366]
[1367]
[1368]
[1369]
[1370]
[1371]
[1372]
[1373]
[1374]
[1375]
[1376]
[1377]
[1378]
[1379]
[1380]
[1381]
[1382]
[1383]
[1384]
[1385]
[1386]
[1387]
[1388]
[1389]
[1390]
[1391]
[1392]
[1393]
[1394]
[1395]
[1396]
[1397]
[1398]
[1399]
[1400]
[1401]
[1402]
[1403]
[1404]
[1405]
[1406]
[1407]
[1408]
[1409]
[1410]
[1411]
[1412]
[1413]
[1414]
[1415]
[1416]
[1417]
[1418]
[1419]
[1420]
[1421]
[1422]
[1423]
[1424]
[1425]
[1426]
[1427]
[1428]
[1429]
[1430]
[1431]
[1432]
[1433]
[1434]
[1435]
[1436]
[1437]
[1438]
[1439]
[1440]
[1441]
[1442]
[1443]
[1444]
[1445]
[1446]
[1447]
[1448]
[1449]
[1450]
[1451]
[1452]
[1453]
[1454]
[1455]
[1456]
[1457]
[1458]
[1459]
[1460]
[1461]
[1462]
[1463]
[1464]
[1465]
[1466]
[1467]
[1468]
[1469]
[1470]
[1471]
[1472]
[1473]
[1474]
[1475]
[1476]
[1477]
[1478]
[1479]
[1480]
[1481]
[1482]
[1483]
[1484]
[1485]
[1486]
[1487]
[1488]
[1489]
[1490]
[1491]
[1492]
[1493]
[1494]
[1495]
[1496]
[1497]
[1498]
[1499]
[1500]
[1501]
[1502]
[1503]
[1504]
[1505]
[1506]
[1507]
[1508]
[1509]
[1510]
[1511]
[1512]
[1513]
[1514]
[1515]
[1516]
[1517]
[1518]
[1519]
[1520]
[1521]
[1522]
[1523]
[1524]
[1525]
[1526]
[1527]
[1528]
[1529]
[1530]
[1531]
[1532]
[1533]
[1534]
[1535]
[1536]
[1537]
[1538]
[1539]
[1540]
[1541]
[1542]
[1543]
[1544]
[1545]
[1546]
[1547]
[1548]
[1549]
[1550]
[1551]
[1552]
[1553]
[1554]
[1555]
[1556]
[1557]
[1558]
[1559]
[1560]
[1561]
[1562]
[1563]
[1564]
[1565]
[1566]
[1567]
[1568]
[1569]
[1570]
[1571]
[1572]
[1573]
[1574]
[1575]
[1576]
[1577]
[1578]
[1579]
[1580]
[1581]
[1582]
[1583]
[1584]
[1585]
[1586]
[1587]
[1588]
[1589]
[1590]
[1591]
[1592]
[1593]
[1594]
[1595]
[1596]
[1597]
[1598]
[1599]
[1600]
[1601]
[1602]
[1603]
[1604]
[1605]
[1606]
[1607]
[1608]
[1609]
[1610]
[1611]
[1612]
[1613]
[1614]
[1615]
[1616]
[1617]
[1618]
[1619]
[1620]
[1621]
[1622]
[1623]
[1624]
[1625]
[1626]
[1627]
[1628]
[1629]
[1630]
[1631]
[1632]
[1633]
[1634]
[1635]
[1636]
[1637]
[1638]
[1639]
[1640]
[1641]
[1642]
[1643]
[1644]
[1645]
[1646]
[1647]
[1648]
[1649]
[1650]
[1651]
[1652]
[1653]
[1654]
[1655]
[1656]
[1657]
[1658]
[1659]
[1660]
[1661]
[1662]
[1663]
[1664]
[1665]
[1666]
[1667]
[1668]
[1669]
[1670]
[1671]
[1672]
[1673]
[1674]
[1675]
[1676]
[1677]
[1678]
[1679]
[1680]
[1681]
[1682]
[1683]
[1684]
[1685]
[1686]
[1687]
[1688]
[1689]
[1690]
[1691]
[1692]
[1693]
[1694]
[1695]
[1696]
[1697]
[1698]
[1699]
[1700]
[1701]
[1702]
[1703]
[1704]
[1705]
[1706]
[1707]
[1708]
[1709]
[1710]
[1711]
[1712]
[1713]
[1714]
[1715]
[1716]
[1717]
[1718]
[1719]
[1720]
[1721]
[1722]
[1723]
[1724]
[1725]
[1726]
[1727]
[1728]
[1729]
[1730]
[1731]
[1732]
[1733]
[1734]
[1735]
[1736]
[1737]
[1738]
[1739]
[1740]
[1741]
[1742]
[1743]
[1744]
[1745]
[1746]
[1747]
[1748]
[1749]
[1750]
[1751]
[1752]
[1753]
[1754]
[1755]
[1756]
[1757]
[1758]
[1759]
[1760]
[1761]
[1762]
[1763]
[1764]
[1765]
[1766]
[1767]
[1768]
[1769]
[1770]
[1771]
[1772]
[1773]
[1774]
[1775]
[1776]
[1777]
[1778]
[1779]
[1780]
[1781]
[1782]
[1783]
[1784]
[1785]
[1786]
[1787]
[1788]
[1789]
[1790]
[1791]
[1792]
[1793]
[1794]
[1795]
[1796]
[1797]
[1798]
[1799]
[1800]
[1801]
[1802]
[1803]
[1804]
[1805]
[1806]
[1807]
[1808]
[1809]
[1810]
[1811]
[1812]
[1813]
[1814]
[1815]
[1816]
[1817]
[1818]
[1819]
[1820]
[1821]
[1822]
[1823]
[1824]
[1825]
[1826]
[1827]
[1828]
[1829]
[1830]
[1831]
[1832]
[1833]
[1834]
[1835]
[1836]
[1837]
[1838]
[1839]
[1840]
[1841]
[1842]
[1843]
[1844]
[1845]
[1846]
[1847]
[1848]
[1849]
[1850]
[1851]
[1852]
[1853]
[1854]
[1855]
[1856]
[1857]
[1858]
[1859]
[1860]
[1861]
[1862]
[1863]
[1864]
[1865]
[1866]
[1867]
[1868]
[1869]
[1870]
/*****************************************************************************/
/*
version.h
VERSION HISTORY
---------------
23-OCT-2021 MGD v12.0.0,
So long, farewell, Auf Wiedersehen, goodnight (-VAX)
(comprehensive move to native 64 bit data storage)
continuing port to x86-64 (OpenVMS V9.1-A)
verified builds against and operates with OpenSSL 3.0
(but not offically supported due to OpenSSL 3.0 issues)
accomodate PIPE from WASD_ROOT:[SRC.UTILS]WASTEE.C
TcpIpAlt..() experimental address/name lookup
BSD 4.4 sockaddr.. IO$M_EXTEND to $QIO (per MB)
proxy caching has been obsoleted
proxy SOCKS5 connect support
scripting process naming revised (perhaps even enhanced)
agent scripting extended and formalised for v12...
AGENT-BEGIN: and AGENT-END: callouts
CGI: and DICT: callouts
/DO=DCL=PROCTOR=APPLY
/DO=DCL=PROCTOR=LOAD
/DO=NET=LIST
/DO=NET=PURGE=HTTP1
/DO=NET=PURGE=HTTP2
logging 'XX:blb' visual aid
AdminPing() provides a baseline RTT for request processing
SET proxy=rework=<string> (replacement strings for response)
SET response=var=asis (provide exact image of on-disk file)
SET webdav=all (process all requests via WebDAV code)
SET webdav=auth (authorise access using WebDAV SETings)
metacon webdav:all (SETing of above)
metacon webdav:auth (SETing of above)
pass /whatever "200 $<command>" executes CLI command
!#-- and !#++ selectively disable/(re)enable WATCH reporting
[ServiceConnect] respond to a connection on a port
WATCH: proctored script by checking only [x]Script
OdsFileAcpInfo() ATR$C_MODDATE (date-time *data* modified)
supplements ATR$C_REVDATE (classic revision date-time)
callout HTTP-STATUS: detect if a script has responded yet
DavWebRequest() specifically handle WebDAV GET and HEAD
DavMetaOds() ensure extended syntax only used ODS-5 volumes
AuthAccessEnable() file access use (rqptr->WebDavRequest ||
rqptr->WhiffOfWebDav || rqptr->rqPathSet.WebDavAuth)
AuthParseAuthorization() return AUTH_DENIED_BY_LOGIN
if unknown scheme allowing 401 response rather than 403
FaoBigNumber() '&,' optionally numbers 'P', 'G', 'M', 'k'
SesolaMkCertRetain() stores dynamic cert in process logical
WatchData() and WatchDataDump() constrain length
NetListFor() use of $BRKTHRU requires OPER privilege
bugfix; Http2Supervisor() idle connection
bugfix; SesolaNetIoRead() /bytes = value/
bugfix; FileBegin() ERROR_REPORTED() free file task
bugfix; CliDemo and instance environment number (per KM)
bugfix; CgiGenerateVariables() "AUTHAGENT hangs when called
for a POST request" (per JPP)
bugfix; DclCalloutDefault() CLIENT-READ:
bugfix; AdminMenu() activity hours 672
bugfix; MapOdsAdsVmsToUrl() "if (SAME2(cptr,':['))"
bugfix; OdsDirectSearch() appending the resultant file name
to the pre-filled expanded name
bugfix; DavMetaCreateDir() and DavMetaDeleteDir()
allow for non-existant meta data files
bugfix; DavMetaName() no meta directory
bugfix; ErrorReportFooter() use request heap for signature
17-AUG-2020 MGD v11.5.1,
Http2RequestData() reduce memory consumption
HTTP2_DEFAULT_WINDOW_SIZE from 1048575 to 131070
if no service configured create http: and https: ex nihilo
VmCheckPgFlLimit() and WASD_VM_PGFL_LIMIT logical name
keep connect cert (->VerifyPeer) distinct from client cert
bugfix; ProxyEnd() fix NetIoEnd() fix
bugfix; OdsDirectSearch() if wildcard specification
return RMS$_NMF, otherwise RMS$_FNF (seems so elementary)
bugfix; Http2RequestCancel() cancel and abort
bugfix; RequestEnd() redirection
bugfix; SesolaALPNCallback() 'h2' global and service enabled
bugfix; ControlDoHelp() remove non-existant DISCONNECT=..
bugfix; RequestExecutePostAuth1() INTERNAL_PASSWORD_CHANGE
should call HtAdminBegin() not AdminBegin()
bugfix; SesolaSNICallback() needs to propagate newly set
context client verify parameters to SSL-specific
bugfix; SesolaNetFree() ensure (sigh) X509_free() where
->ClientCertPtr associated with connection (i.e. HTTP/2)
bugfix; RequestParseExecute() ensure PUT and DELETE have
WebDAV header field(s) before considering WebDAV
22-JUL-2020 MGD v11.5.0, "Stay well..."
static fallback cert replaced by dynamic SesolaMkCert()
protocol "HTTP/2" also reported in standard log formats
DavWebRequest() remove requirement for logical name
WASD_HTTP2_WEBDAV after WebDAV over HTTP/2 tested
NetIoQioMaxSeg() tune QIO to TCP MSS
verified against VSI SSL111 product
SET response=csp=<string> ("content-security-policy:")
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
SET response=cspro=<string> ("..policy-report-only:")
metacon alpn: (TLS application level protocol negotiation)
metacon proctor: (obvious proctored script clause)
DCL callout CSP: ("content-security-policy:")
DCL callout CSPRO: ("..policy-report-only:")
REGEX.C updated (ever-so-slightly)
more proxy persistent connection (per JPP)
RequestAbort() accomodates HttpdSupervisor() refinement
and REQUEST_STATE_ABORT used throughout server
Http2RequestData() delivers Http2RequestCancel() read AST
NetTestSupevisor() and WASD_NET_TEST_BREAK logical name
bugfix; ProxyEnd() free ioptr using NetIoEnd()
bugfix; NetIoWriteStatus() and NetIoReadStatus()
bugfix; RequestPersistentConnection() pipelined request
bugfix; Http2RequestData() flow control
bugfix; SesolaClientCertGet() SSL_VERIFY_POST_HANDSHAKE
bugfix; httpd.c if (!CliDemo) HttpdGblSecInit();
bugfix; MetaConConditionalList() bu**ered
bugfix; RequestProcessFields() DictLookup (.."accept"..)
bugfix; SesolaCertExtension() BIO_NOCLOSE memory leak
bugfix; CacheLoadEnd() free rqCache.ContentPtr on fail
bugfix; DICT.C "tmptr && tmptr->clink.."
bugfix; Http2Priority() exclusive bit
bugfix; NetCreateService() only SesolaInitService() once
bugfix; WatchDataDump() CHARS_PER_LINE calculation (sigh)
bugfix; OdsDirectSearch() RMS$_FNF not RMS$_NMF (per JPP)
bugfix; RequestShareBegin() if (!MATCH6 (cptr, "raw://"))
bugfix; SesolaNetClientBegin() SESOLA_SINCE_110
BIO_set_data() before SSL_set_bio() (per JPP)
bugfix; AdminParsePath() extraneous OdsParseRelease()
bugfix; OdsDirectSearch() only if not already on the block
boundary add one to get to next, otherwise already there!
20-JUL-2019 MGD v11.4.0, "One small step ..."
25th Anniversary Release (see 20-JUN-1994 below)
adapt WatchSystemPlus() to allow use via CLI /SYSPLUS
then dignified with a (sysPlus..()) module of its very own
/OUTPUT=<file-name> (in particular for /SYSPLUS)
HttpdSupervisor() explicitly WatchEnd()
Sesola_netio_read() and Sesola_netio_write() if connection
broken (channel zero) return zero (SSL shutdown)
SET response=200=203 for request tracking and log analysis
ResponseHiss() response status changed from 403 to 203
status code 418 (teapot) forces connection drop
allow a specified port when redirecting, i.e. http[s]//:nnn
Sesola_netio_read_ast() 0 status TCP/IP Services?
Sesola_netio_write_ast() 0 status TCP/IP Services?
bugfix; SesolaClientCertGet() status 0 an issue
bugfix; SesolaClientCertGet() if (value <= 0) break;
bugfix; CgiOutput() Content-Length: strtoul()
bugfix; SesolaClientCert() allow pattern per 25-AUG-2015
bugfix; SesolaCertExtension() storage reset
bugfix; SesolaCertParseDn() regression (or whatever)
bugfix; Http2NetQueueWrite() PEEK_8 at w2ptr->type
bugfix; non-local without "Host:" use name not host:port
bugfix; Http2RequestEnd() copy tally rx/tx to request
bugfix; OdsDirectSearch() (uint)0xffff && rlen < 508)
bugfix; AuthCompleted() and AuthNotComplete() to address
AST delivery following request end and rundown
bugfix; for bugfix StringSliceValue() kludge
allow for DECnet connection string specified username
bugfix; DavMetaDir() ACCVIO from !SAME2(mfdptr,'[.')
24-NOV-2018 MGD v11.3.0
verified against OpenSSL v1.0.2 && v1.1.0 && v1.1.1
TLSv1.3 operational
verified against EXPAT v2.2.5 (for WebDAV purposes)
(but reverted to v2.0.1 for final VAX WASD release)
VM.C eliminate dynamic tuning of heap initial allocation
and rework to allow detailed memory management statistics
to be compiled into the runtime for development purposes
ODS (FILES-11) directory parser
WatchSystemPlus() et.al. for system troubleshooting
RequestBegin() exit after consecutive SesolaNetBegin() fails
DavWebRundown() explicitly abort WebDAV processing
allow logical name content during one-to-one rule mapping
refactor WatchWrite() using NetWriteBuffered()
DclTaskRunDown() always use DclEmptySysOutput()
[BufferQuotaDclOutput] BUFQUO value for SYS$OUTPUT mailbox
refactor Http2RequestCancel() into Http2RequestCancelRead()
and Http2RequestCancelWrite()
ProxyRequestRebuild() proxy-authorization opaque:
ProxyTunnelLogicalName() WASD_TUNNEL_SECONDS
RequestGet() and ProxyTunnelNetReadAst() provide
"X-Forwarded-For:" client host to proxied-to server
/DO=REQUEST=RUNDOWN=..
/DO=ZERO=STATUS
/DO=SSL=SERVICE=LOAD[=<host:port>] no longer works
SET response=var=crlf
SET response=var=lf
SET response=var=none
bugfix; PutWriteFileOpen() override incompatible existing
file characteristics by first erasing the file
bugfix; seeming innumerable WebDAV fixes (some obvious,
some obscure) many thanks to John Dite for his patience and
persistence in finding and reporting anomalous behaviours
(check the individual DAV...C modules for descriptions)
bugfix; StringSliceValue() kludge for DECnet tasks
bugfix; MetaConEvaluate() "webdav:MSagent"
bugfix; DavWebMicrosoftDetect() before ->WebDavTaskPtr
bugfix; X509_free() memory leak with ->ClientCertPtr
bugfix; Http2NetIoWrite() blocking write data must be
asynchronously persistent so employ internal buffer(s)
bugfix; /DO=AUTH=SKELKEY=.. cluster wide (yet again :-)
bugfix; SESOLA-OpenSSL memory leak at v11.0.0
bugfix; FileParseAst() regression with search list file
bugfix; RequestRundown() allow for cache activity
bugfix; WatchDataDump() CHARS_PER_LINE calculation
bugfix; (longstanding) MapUrl__Map() multiple template
wildcards when reverse mapping
01-MAR-2018 MGD v11.2.0
make WATCH item width flexible using initial value 6 digits
with leading 3 digits HTTP/2 stream ID followed by 3 digits
connection ID number and on overflow increment by 2
if |WASD_ENV| defined use that in absence of /ENV=..
Dav..() always DavWebEnd() not RequestEnd()
WebDAV "authorisation" allowed to be EXTERNAL or OPAQUE
RequestRundown() outstanding task sanity checks
HttpdSupervisor() refactored timeout handling
ProxyTunnelLogicalName() and WASD_TUNNEL to provide client
host and port tunnel data available to the WASD system
activated by SET..PROXY=FORWARDED=[FOR|ADDRESS]
logging 'II' image information (file, version, link time)
logging 'TI' request time in ISO 8601 extended format
logging 'TS' (sortable) UTC request time ISO 8601 format
logging 'TU' request time UTC (GMT) now synonym for 'TG'
stamp (note) log events when common/combined with/without+
SET DIR=TITLE=[default|owner|remote|<integer>|this=<string>]
/DO=HELP brief summary of command-line /DOs
/DO=SSL=SERVICE=LOAD[=<host:port> (re)load SSL context
(/DO=SSL=CERT=LOAD is now implemented using this)
/DO=STATUS report basic status of all instances
/DO=STATUS=NOW instances immediately update status information
/DO=STATUS=PURGE zero stale instance status information
/DO=STATUS=RESET zero instance status information
/NOTE=<string> annotation to server process log
refactor WatchEnd() (yet again)
DclInit() do not adjust SYS$OUTPUT mailbox size when HTTP/2
is enabled, issue an informational as required
DclMemBuf..() memory buffer script IPC (see DCLMEMBUF.C)
callout BUFFER-BEGIN:
callout BUFFER-END:
callout BUFFER-WRITE:
SesolaReport() allow reporting using an HTTP service
CgiOutput() refine Content-Length: to report out-of-range
CgiOutput() reject subsequent non-header
WatchReport() move SSL item into Network group
WatchShowCluster() and WatchShowSystem() VMS V6.2 obsolete
bugfix; (longstanding) InstanceSocketForAdmin() sys$deq()
bugfix; Http2..() window update and flow control management
bugfix; logging 'BB' header length "lost" during HTTP/2 mods
bugfix; nil content CGI responses not delivered
bugfix; (long-standing) always use UpdEnd() not SysDclAst()
bugfix; CgiGenerateVariables()
|rqptr->rqAuth.SourceRealm != AUTH_SOURCE_AGENT_OPAQUE &&|
09-AUG-2017 MGD v11.1.1
relax HTTP/2 "rabbit hole" to permit WATCHing except
for items [x]HTTP/2, [x]SSL and [x]network
/INSTANCE=CONFIG ensures config values used
SesolaClientCertRenegotiate() allow for pre- and post-
OpenSSL 1.1.0 due to MSIE11 (Edge) stalling on a read
after renegotiation (pre reverts to v11.0 and earlier code)
SesolaInitService() when SSL_CTX_set_tmp_dh_callback() is
enabled (DH_PARAM_*.PEM files present) ensure flag
SSL_OP_CIPHER_SERVER_PREFERENCE is implicitly set
MapUrl_GuaranteeAccess() mapping as well as authorisation
Authorize() move AuthorizeGuaranteeAccess() up-front to
ensure access to guaranteed paths not only with failure
StringSliceValue() allow quote-delim inside space-delimited
bugfix; rationalise as OpenSSL_version[_num]() becomes
confused catering for OpenSSL v1.0.2 && v1.1.0 && v1.1.1
bugfix; HttpdSupervisor() do RequestRundown() only the once
bugfix; DclCalloutDefault() NOTICED: and OPCOM: responses
bugfix; DclScriptProctor() request is not actually "!!*!"
bugfix; HpackHeadersFrame() use ":authority" pseudo-header
for "Host:" header according to RFC7540 8.1.2.3
bugfix; SesolaCertExtension() generate UPN independently
for each of pre- and post- OpenSSL 1.1.n
bugfix; SesolaClientCertConditional() 'IS' processing
bugfix; SesolaClientCertRenegotiate() allow for low-level
(i.e. SSL) I/O errors (e.g. link disconnection)
bugfix; LoggingDo() 'SR' silliness from v11.0 rework
bugfix; MapUrl_ExplainPathSet() response=header=add=..
bugfix; for HTTP/2 (sigh) we need NPH to generate a header
bugfix; session ticket key refresh (must be one of those...)
04-MAY-2017 MGD v11.1.0,
"Raw"Socket based on WebSocket infrastructure
[DclScriptProctor] <integer> * general idle process(es)
[ServiceRawSocket] enables a RawSocket
[ServiceSSLcert] specification can contain wildcard(s)
SET proxy=header=<name>[=<string>]
logging 'CL' insert request content-length
logging 'PL' insert PUT or POST body received count
Sesola..() refinements for OpenSSL v1.1.1 and TLS 1.3
sesola.h |#include "openssl/rand.h"| to fix OpenSSL v1.1.0
static link error against rand_bytes() and rand_seed()
SesolaNetThisIsSSL() allow redirection to include scheme
/DO=SSL=CERT=LOAD ... basically for internal use only!
(heads-up: planned Let's Encrypt CME utility :-)
Graph..() activity graphic now implemented using HTML5 canvas
ResponseHeader() ensure non-printables cannot be injected
InstanceSessionTicketKey() rework multi-instance/cluster
(sigh! yes again; the lack of a test cluster these days)
DirDirectories() do not list "hidden" (^.the.DIR) directories
bugfix; use rqHeader.RequestBody.. for body with header
bugfix; DclScriptProctor() v11.0 request structure
requires dictionary and netio structures
bugfix; SesolaNetIoRead() SSL_read() in-progress
bugfix; Http2RequestEnd() end-of-request (control) frame
independent of request itself
bugfix; Http2NetQueueWrite() and Http2NetWriteDataAst()
blocking writes are not placed on the request's
write list as they are transparent to the request
bugfix; Http2NetQueueWrite() deliver via NetIoWriteStatus()
using SS$_NORMAL (HTTP/2 I/O) not the request ->VmsStatus
bugfix; SesolaControlReloadCA() do not proactively
X509_STORE_free() (leaves a dangling pointer?)
bugfix; SesolaSNICallback() port elimination
bugfix; RequestExecutePostCache() keyword redirection count
25-AUG-2016 MGD v11.0.2,
Http2RequestBegin() ensure stream ident not reused
increase MAX_REQUEST_HEADER from 16384 to 32768
InstanceSessionTicketKey() rework multi-instance rotate
CgiGenerateVariables() mitigate httpoxy vulnerability
MsgConfigLoadCallback() make [ismap] optional
ParseCommandInteger() accept just an integer
CLI /INSTANCE=<integer> now sets global section |InstanceMax|
to allow the created process to continue to exist and when
used needs to be reset with the likes of /INSTANCE=1
minimum supported OpenSSL version is now v1.0.0
which precludes HP SSL V1.4 (at least)
OpenSSL v1.1.0 required code changes including
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) in Sesola..()
modules, and introducing a version dependent build
SesolaClientCertRenegotiate() rework due to OpenSSL v1.1.0
ResponseHeader() ->rqCgi.ScriptControlHttpStatus will allow
an error reporting script to override the original status
CGI Script-Control: X-http-status=<integer>
%SSL-x-STRICT (RFC6797) now described as %SSL-x-STRICT, HSTS
bugfix; Http2RequestData() always deliver via NetIoReadAst()
bugfix; HpackHeadersFrame() uncompressed header size
bugfix; CgiGenerateVariables() names from dictionary
bugfix; MetaConEvaluate() request: regression
bugfix; RequestProcessFields() if-range: regression
bugfix; MetaConEvaluate() client_connect_gt: regression
bugfix; SesolaClientCert() move X509 RENEGOTIATE switch
HTTP/2 to HTTP/1.1 after SSL_get_peer_certificate()
30-JUN-2016 MGD v11.0.1,
meta config [[wasd*n.n.n]] server version conditional
[SSLsessionLifetime] session ticket (or ID) lifetime
[SSLverifyPeerDataMax] see documentation
[ServiceSSLsessionLifetime] per-service equivalent
[ServiceSSLverifyPeerDataMax] per-service equivalent
[SSLsessionCacheMax] default (of zero) now disables
in favour of the more efficient Session Ticket
SesolaSessionTicket..() refresh and coordinate the
TLS session ticket key cluster-wide using the DLM
InstanceSupervisor() refresh session ticket key at midnight
RequestGblSecUpdate() method and URI only printable chars
ProxyTunnelRequestParse() append mapped path for logging
DirFiles() and DavPropSearchAst() ignore ambiguous file
names containing an escaped ("^.") period but no type
ErrorRedirectQueryString() ERROR_URI variable
bugfix; MapOdsUrlToOds5Vms() URLs will not contain
'^'-escaped sequences so just '^'-escape them
bugfix; SesolaClientCertRenegotiate() ensure request
data cleared before renegotiate ([SSLverifyPeerDataMax])
bugfix; DclTaskRundown() cancel HTTP/2 client read
bugfix; HttpdSupervisor() accumulate proxy accounting data
bugfix; RequestEnd2() decrement processing rx or (SSH) method
bugfix; RequestEnd2() read status OK -or- ENDOFFILE
bugfix; HpackHeadersFrame() multiple to single cookie header
bugfix; MetaConEvaluate() request-scheme: regression
bugfix; NetWrite() response header write error handling
bugfix; SesolaClientCert() just return status
07-MAY-2016 MGD v11.0.0,
HTTP/2 (RFC7540, RFC7541)
restructure network I/O abstractions (oh boy!)
key-value dictionary (associative array) abstraction
add "Refresh [integer] Seconds" to appropriate reports
ProxyFtpListOutput() update in line with directory listing
SET dict[=<key>[=<value>]]
SET http2=protocol=1.1
SET http2=send=goaway[=<integer>]
SET http2=send=ping
SET http2=send=reset[=<integer>]
SET http2=write=[low|normal|high]
metacon dict:, http2: and request-protocol:
[HTTP2..] global configuration
[TimeoutHttp2Idle] <seconds>
logging 'DI' insert specified dictionary item value
/DO=HTTP2=PURGE[=<integer>]
ensure timed-out requests are logged as 408/500
excise much of the twenty years of reporting HTML cruft
obsolete ismap.c, filedot.c, menu.c and track.c functionality
22-APR-2016 MGD v10.4.3 (unreleased),
logging 'NP' insert notepad value
logging 'XX' insert custom site/client-specific datum
SET sslcgi=apache_mod_ssl_client
SET sslcgi=apache_mod_ssl_extens
LoggingDo() MAX_FAO_VECTOR from 64 to 128
SSL_CTX_set_ecdh_auto() set elliptic curves selection
SesolaTmpDHCallback() improve DH*.PEM flexibility
SesolaCertExtension() parse X509 extensions
SesolaCertName() parse X509 distinguished name
SesolaCgiVariablesExtension() document X509 extensions
SesolaReport() list certificate extensions
[ru:/CN=<pattern>] allows multiple to be selected between
(e.g. "[ru:/CN=user*]", "[ru:/CN=^^\[^/=\]*$]")
SesolaCertParseDn() strncmp() not strsame()
SesolaCertParseDn() select on pattern match
StringMatchAndRegex() ensure |rqptr| not needed
add limit to consecutive failures on persistent connection
remove limit to consecutive requests on persistent connection
TcpIpAddressToString() IPv4 in IPv6 as ::FFFF:n.n.n.n
bugfix; ResponseHeader() for HEAD request transfer-encoding
chunked suppress actual chunked body (RFC 7230 3.3)
bugfix; SesolaInit() session cache max -1 disables cache
bugfix; LoggingDo() elapsed time items
bugfix; LoggingDo() 'CC' do not reuse pointers!
bugfix; LoggingDo() 'VS' |->ServicePtr| dereference
15-AUG-2015 MGD v10.4.2,
[ServiceStrictTransSec] <value> (RFC6797)
[SSLstrictTransSec] <value> (RFC6797)
SET response=sts=<value> (Strict-Transport-Security:)
ResponseHeader() Strict-Transport-Security: header
add WATCH "!42*x" to beginning and ending of requests
DavWebRequest() allow bodies with any and no Content-Type:
then in DavWebRequest2() check for XML in the body content
RequestRedirect() always use dynamic buffers
when "remote-addr:" begins '?' translate host to IP address
LoggingDo() add WASD_LOGS "convenience" logical name
disable kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C
as the issue seems to have been fixed in OpenSSL v1.0.2c
logical name WASD_REDIRECT_WILDCARD must be defined
to enable "DNS wildcard" proxy redirection
bugfix; [Cli]ParseCommand() parenthesis parsing
bugfix; Request..() rework pipelined request handling
bugfix; move supervisor PID from InstanceNodeSupervisor()
to InstanceNodeSupervisorAst()
bugfix; DavWebDestination() URI and URL (Total Commander)
bugfix; Error..() earlier and broader detection of WebDAV
bugfix; DavDeleteParse() enable access around OdsParse()
bugfix; DavMoveMeta() do not report RMS$_DNF
bugfix; FaoSAK() sdptr = StrDscBuffer(StrDscPtr);
bugfix; DavXmlStartElement() PROPFIND accumulate list of
dead properties subsequently searched for in the metadata
bugfix; MapUrl_ExplainPathSet() ->ResponseChunked
bugfix; CONFIG_SERVER_LOGS logical names precede fixed locale
12-FEB-2015 MGD v10.4.1,
ProxyResponseRebuild() and ProxyRequestRebuild() provide
timeout=n parameter with Keep-Alive: header field (some
origin servers hang when no parameters supplied, per JPP)
SesolaInitOptions() expand options keywords to include
most SSL_OP_.. flags using the OpenSSL flag #define as the
keyword minus the "SSL_" (e.g. OP_CIPHER_SERVER_PREFERENCE)
SesolaTmpRSACallback() and SesolaTmpDHCallback()
support for ephemeral keys enabling "forward secrecy"
SesolaInitService() and SesolaInitClientService()
if cipher list begins '+', '-' or '!' append it to default
increase MAX_REQUEST_HEADER from 8192 to 16384
(proxying requests from Firefox to IIS, per JPP)
kludge; SesolaNetAccept() SSL3_ST_SR_CLNT_HELLO_C
bugfix; RequestEndEnd() use ZERO_DELTA_TIME macro
bugfix; AuthCacheNeedsReval() AlreadyLocked (per JPP)
bugfix; ConfigReportSecureSocket() FaoVector[32]
05-DEC-2014 MGD v10.4.0
CORS support
/SSL=(TLSvALL,TLSv1.1,noTLSv1.1,TLSv1.2,noTLSv1.2)
removed /SSL=(2|3|23) which must be altered to SSLv2, etc.
NOTE: TLSv1, TLSv1.1, TLSv1.2 now ENABLED by default
SSLv2 and SSLv3 are now DISABLED by default
(as recommended post-POODLE)
MapUrl_ClientAddress() allows for transparent upstream proxy
ResponseStream() and request /stream/
AuthCacheNeedsReval() so multiple cache entries for the
same credentials do not trigger multiple revalidations
SsiEnd() detect and report non-SSI problem encountered
access log buffer extended from [4096] to [16384] (UMA SAML)
LoggingQuoted() explicitly encode some fields where a raw
quotation mark (URI forbidden) can break a log entry
HttpdExit() sanity check trace after %SYSTEM-F-ASTFLT
stack corruption at (you guessed it) Uni Malaga resulted
in the icb.libicb$v_bottom_of_stack never being set!
tweaks to some accounting fields and values (for WASDmon)
NetCreateService() check bind address string instead of
address to allow binding primary to 0.0.0.0 (INADDR_ANY)
directory default listing style now <table>ed
directory path SET ods=name=utf8 then response charset=utf-8
directory ?httpd=index&font=[inherit|monospace(D)]
?httpd=index&style=table[2]
SET client=[forwarded|if=forwarded|literal=|reset|
if=xforwardedfor|xforwardedfor]
SET dir=font=[inherit|monospace(D)]
dir=style=TABLE[2] (new default)
SET cors=age=<integer> cors=cred=[true|false]
cors=expose=<string> cors=headers=<string>
cors=methods=<string> cors=origin=<string>
SET ods=name=8bit, ods=name=utf8, ods=name=default
SET webdav=[no]hidden
webdav=meta=dir=<string>
[SecureSocket] and [SSL...] (overridden by /SSL=)
[WebDAVmetaDir] sub or full directory for meta files
WedDAV configurable metadata (sub)directory
AuthAccessCheck() add explicit check against server
account to improve reporting of underlying access
User-defined logging directives 'CI', 'SR', 'SV' for
SSL cipher, session reuse and version items
COMMON+, COMMON_SERVER+, COMBINED+ composite log formats
X-record0-mode[=0|1] and associated CGI null-record mode
bugfix; and refine DirFormatSize()
bugfix; SSLv23_method() appears to be a Swiss-army knife
significant rework of SSL version configuration
bugfix; TcpIpCacheAddressToName() memcpy null char
bugfix; DavMetaOpenAst() retry after meta directory creation
bugfix; DavPropEnd() ensure unused meta-data file deleted
bugfix; MapOds5VmsToUrl() et.al. allow for ".]["
bugfix; SAME3 0x00ffffff mask (not 0xffffff00)
bugfix; DirFormatAcpInfoAst() ThisIsADirectory = false;
bugfix; DavWebCreateDir() set SYSPRV access, propagate rest
bugfix; PutWriteFileOpen() WebDAV should not use default
protection mask and instead propagate from profile
bugfix; FileParseAst() allow for non-dir .DIR files
bugfix; RequestRedirect() allocate using (possibly expanded)
header length (not fixed) when allocating POST buffer
bugfix; PROXY.C no $QIO buffer should exceed 65535!
06-OCT-2013 MGD v10.3.0
TLS1 Server Name Indication (SNI) extension
/SSL= parameter options rework (plus new mnemonic options)
SesolaNetClientBegin() include SNI before connect
PutWriteFileOpen() support FAB$C_STM and FAB$C_STMCR
DclMailboxAcl() allow usernames without associated
identifiers (i.e. shared UICs) by first trying with the
username and on failure getting the UIC and using that
FaoUrlEncodeTable tilde from "%7e" to "~" (cadaver issue)
GzipInit() ZLIB shareable image via logical names
WASD_LIBZ_SHR32, then GNV$LIBZSHR32, finally LIBZ_SHR32
PersonaAssume() wrap sys$persona_create() with SYSPRV
after modifications to DclMailboxAcl() to allow usernames
without associated identifiers (i.e. shared UICs)
authorisation realm read-only group can be specified as "*"
to represent that "everyone else" can read
ProxyResponseRebuild() additional header length bumped
from an ambit 256 to an ambit 1024 (Uni Malaga :-)
OdsNamBlockAst() on non-ODS_EXTENDED platforms (i.e. VAX)
tease-out system file name from Nam.nam$l_name and
Nam.nam$l_type into odsptr->SysFileName buffer
historically used by ODS-5 and munge for ODS-2 as well
.WWW_WASD directory directive file
sortable directory listing
?httpd=index&ilink=[yes|no]
?httpd=index&override=[yes|no]
?httpd=index&query=<string> (.WWW_WASD specific)
?httpd=index&style=<which>
?httpd=index&sort=<char>[+|-]
?httpd=index&target=<string>
?httpd=index&these=<wildcard1>[,<wildcard2>]
?httpd=index&versions=<intger>|*
SET dir=delimit=<which>
SET dir=[no]ilink
SET dir=style=sort (plus the dir=style=<which>2)
SET dir=sort=<char>[+|-]
SET dir=target=<string>
SET dir=these=<wildcard1>[,<wildcard2>]
SET dir=versions=<integer>|*
SET put=rfm=[STM|STMCR|UDF] added to FIX512,STMLF
"upstream-addr:" conditional
[AuthRevalidateLoginCookie] obsolete (in favour of ...)
rqptr->AuthRevalidateCount to track empty authentication
prompts preceding potential redundant revalidation prompt
[PutBinaryRFM] add STM and STMCR
[ServiceNonSSLRedirect] <host-name>|<IP-address>[:<port>]
some refinements to Upd..() layout and functionality
refine HTML and bring a little more up-to-date
AUTH_MAX_USERNAME_LENGTH bumped from 47 to 64 for X509
FileAcpInfoAst() '$.' file extension kludge
bugfix; AuthConfigLoadCallBack() additional [AuthProxy]
with intervening rules should reset proxies
bugfix; FileResponseHeader() "?httpd=content&type=" decoded
bugfix; MapOds..() identify MFD using "000000]" and "000000."
bugfix; AuthVmsGetUai() interaction of logon= parameters
bugfix; UpdFileRename() ACCVIO with AuthAccessEnable()
bugfix; RequestParseAndExecute2() remove reset of
request persistent flag from OPTIONS and DELETE
bugfix; SesolaInitService() (or refinement)
SSL_CTX_set_session_id_context() against each service
bugfix; DirFormatSize() bytes
bugfix; OdsParseTerminate() on non-ODS_EXTENDED platforms
(i.e. VAX) reset .nam$b_esl to changed expanded length
or it can generate RMS$_ESL errors
bugfix; DavPropSearchAst() on non-ODS_EXTENDED platforms
(i.e. VAX) reset .nam$b_rsl to changed resultant length
or it can generate RMS$_RSL errors
bugfix; non-ODS_EXTENDED platforms (e.g. VAX) must
OdsParse() NAM$M_NOCONCEAL before OdsSearchNoConceal()
bugfix; MapUrl__Map() reverse mapping wildcard copy
bugfix; CgiGenerateVariables() AUTH_GROUP write/read status
bugfix; AuthClientHostGroup() wildcard match result reversed
bugfix; ProxyResponseRebuild() call ProxyRebuildLocation()
can return a pointer to the original location!
bugfix; SesolaInit() translate WASD_SSL_CIPHER logical name
09-NOV-2012 MGD v10.2.0,
TOKEN authorisation
request header DNT (do not track)
set ProxyReadBufferSize to 64k (per JPP)
allow (proxy) ResponseBufferSize to be >= 64k (per JPP)
HttpdSystemInfo() $GETSYIW() CsidVersion treat status
SS$_UNREACHABLE as non-fatal and fallback to 16 byte LVB
DIGEST.C numerious tweaks up to RFC2069
[AuthTokenEntriesMax] for token authorisation
bugfix; HTAdminModifyUser() use database name for digest
bugfix; AuthorizeResponse() digest scheme
bugfix; AuthVmsGetUai() logon= fall through
bugfix; DclSysOutputAst() WebSocket wrt agent
bugfix; WebSockEnd() do not NetCloseSocket()
bugfix; (at least improve) caching of group write/read
bugfix; SesolaParseCertDn() return NULL if record not found
bugfix; AuthorizeGroupWrite() with cached entries!
bugfix; AuthReadSimpleList() parameter /DIRECTORY= processing
28-APR-2012 MGD v10.1.1,
RequestGet() no longer report 408 for unused connections
RequestEndEnd() likewise ignore unused connections (Chrome)
MetaConLoad() compress non-signficant white-space
proxy WebSocket upgrade requests as raw tunnels (kludge)
DclRestartScript() refine WebSocket handling
DirFormatSize() now uses quadword
DirFormatSize() adjusts units to fit size width
MATCH0..8() macro to improve efficiency over memcmp()
SAME1..4() macro to abstract the *(USHORTPTR)s, etc.
bugfix; RequestBegin() remove RequestEnd() following failed
SesolaNetBegin() resulted in redundant request rundown
bugfix; SesolaNetAccept() initialise value=0
bugfix; SesolaNetRead() SSL state not SSL_ST_OK
bugfix; SesolaNetWrite() SSL state not SSL_ST_OK
bugfix; DavWebMicrosoftMunge2() token reprocessing
bugfix; FileAcpInfoAst() SS$_BADPARAM >2GB <4GB (per JPP)
bugfix; WebSockCloseMailboxes() logic
bugfix; DclScriptProcessCompletionAST() don't WebSockClose()
any WebSocket request currrently associated with the task
bugfix; RequestEndEnd() '->WebSocketCount' already locked
06-NOV-2011 MGD v10.1.0,
dragged kicking and screaming to VMS V7.0 base build
Web Socket (HTML5) support
Secure Sockets default to SSL v3 and TLS v1 (no more SSL v2)
SET cache=[no]cookie
SET map=uri
SET proxy=chain=cred=<string>
SET proxy=tunnel=request=<string>
SET regex=<keyword>
SET response=HTTP=original
SET service=<keyword>
SET notimeout (short-hand for timeout=none,none,none)
SET websocket=<keyword>
"origin:" conditional
"request-peek:" conditional
"upgrade:" conditional
"websocket:" conditional
[DclScriptProctor] (pro-)activate script/environments
[RegEx] enabled/disabled/<keyword>
[ServiceProxyChainCred] down-stream proxy credentials
[WwwImplied] "www." is implied even with virtual services
("Host:") not beginning with it (ServiceFindVirtual())
callout LIFETIME: can accept <hh:mm:ss>
callout SCRIPT-CONTROL:string (see DCL.C)
logging 'PP' outgoing proxy connection local port
/DO=ALIGN=.. to allow collection and analysis of Alpha and
Itanium alignment fault data using HttpdAlignFault() et.al.
/DO=NET=PURGE[=..] expanded capability
/DO=WEBSOCKET=DISCONNECT[=..] to disconnect WebSockets
/PRIORITY= limit increased from 6 to 15
SesolaInit() default is SSLv2 off and SSLv3/TLSv1 on
AuthAgentCallout() callout BODY implemented (for PAPI)
MapOdsUrlTo..() consecutive '/' into a single a la Unix
ServiceReportNow() service synopsis
ProxyTunnelChainConnect() chain proxy authorization
ProxyRequestRebuild() chain proxy authorization (BASIC only)
ServiceReportNow() add summary to service report
configuration lines beginning "!#" now allow WATCHable
during mapping and authorisation processing
reworked query string handling based on length
ServiceEntityMatch() processes in-match and if-not-match
CacheSearch() implement request cache control
CacheLoadResponse() checks response header for
"Cache-Control:" directives and adjusts accordingly
CacheLoadEnd() buffer all content-type data
(previous behaviour truncated at ';' or white-space)
MetaConLoad() ensure metacon "lines" are quadword aligned
__unaligned directive added to pointer macros in a
(successful) effort to avoid alignment faults
VM_OFFSET now 8 (quadword alignment) instead of 4
bugfix; OdsFileExists() parse NAM$M_NOCONCEAL in case of
multi-valued, concealed logical devices and then convert
returned status DNF into the functional equivalent FNF
bugfix; directory listing OdsSearchNoConceal() to
process concealed, multi-value logical device names
bugfix; RequestRedirect() only concat '&' if including query
bugfix; set rule 'CacheSetting' boolean with any CACHE=..
02-OCT-2010 MGD v10.0.3,
command-line checks of configuration files
/DO=AUTH=CHECK /DO=CONFIG=CHECK (all configuration files)
/DO=GLOBAL=CHECK /DO=MAP=CHECK /DO=MSG=CHECK
/DO=SERVICE=CHECK
TcpIp6..() functions to resolve IPv6 AAAA records
ProxyRequestParse() improve IPv6 host parsing
bugfix; regression at 10.0.1 with proxy authorization
bugfix; SSL_set_info_callback() not SSL_CTX_set..()
01-JUL-2010 MGD v10.0.2,
metacon "file:" and "directory:" to probe file-system
SET script=lifetime=<hh:mm:ss>
SET put=max=<integer> per-path equivalent of [PutMaxKbytes]
SET put=max=* for (effectively) unlimited upload
BODY.C significant rework to function()alise common code
BODY.C improve performance with multiblock of 127 (per JPP)
BODY.C make MultipartContentType(Ptr) a dynamic structure
as Microsoft endeavour to include application data
along with MIME content-type, see ...
http://msdn.microsoft.com/en-us/library/aa338205.aspx
and an example (no kidding!) ...
"application/vnd.ms.powerpoint.template.macroEnabled.12application/x-font"
FileNextBlocks() change QIO file size from long to quad
to cater for files greater than 4GB (4GB+ is limited to
file serving only, no ranges, etc.)
RequestExecutePostCache() UTF-8 decode WebDAV objects
RequestRedirect() support WebDAV "Destination:" field (JPP)
DclAllocateTask() default unconfigured CGIplus lifetime
SsiDoSet() and SsiGetTagValue() allow '$' in variable names
Mapurl_ControlReload() rather than Mapurl_Load()
bugfix; MapUrl_ControlReload()
bugfix; DclUpdateScriptNameCache() run-time pointer
bugfix; OdsNamBlockAst() odsptr->NamFileSysNamePtr
always set to odsptr->SysFileName in case RMS$_FNF, etc.
bugfix; RequestGet() MAX_REQUEST_HEADER (per JPP)
bugfix; allow METACON_TOKEN_INCLUDE for [IncludeFile]
bugfix; MetaConEvaluate() when JustChecking: HTTP header
fields (e.g. "cookie:")
bugfix; DavMetaReadName() and DavMetaWriteName()
allow for typeless file names (e.g. ]AFILE.;)
bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
$ERASE() if not WebDAV request (access and ownership) (JPP)
bugfix; DavWebSlashlessMunge() enable SYSPRV while
calling OdsFileExists() (per JPP)
bugfix; do not use REDIRECT for WebDAV request error report
bugfix; no new token when refreshing existing lock (per JPP)
bugfix; FileNextBlocks() signed/unsigned comparison
when calculating buffer size on files larger than 2^31
bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms()
include '|' and '%' as ODS-5 escaped characters
bugfix; DirAuthorizationAst() only check access on
non-empty expanded file names
bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
$CREATE() if not WebDAV request (for access and ownership)
bugfix; FileNextBlocks() signed/unsigned comparison
when calculating buffer size on files larger than 2^31
bugfix; MapOdsUrlToOds5Vms() MapOdsElementsToVms()
include '|' as an ODS-5 escaped character
bugfix; DirAuthorizationAst() only check access on
non-empty expanded file names
bugfix; PutWriteFileOpen() ensure SYSPRV enabled before
$CREATE() if not WebDAV request (for access and ownership)
bugfix; DirBegin() "httpd=index&" detection (since v9.3.0)
bugfix; DirEnd() suppress </HTML> unless RequestEnd() AST
bugfix; SsiDoDcl() report cgi=/script= query string as error
bugfix; UpdBegin() [goto] processing
01-MAR-2010 MGD v10.0.1,
ProxyFtpListProcessUnix() names with white-space (per JPP)
ProxyResponseRebuild() !"accept-encoding" (per JPP)
make proxy requests subject to throttle (per JPP)
MapUrl__Map() increase some buffer sizes (per JPP)
RequestRedirect() add return length (overflow) check
log format 'HO' request "Host:" field
log format 'RH' any request header (e.g. "RH:cache-control:")
log format 'VS' request virtual service
According to http://www.ietf.org/rfc/rfc2145.txt a server
should respond with the minor HTTP version reflecting its
own compliance rather than the client's provided the
response itself is compliant with the client minor version
(i.e. HTTP/1.0 requests should get HTTP/1.1 in the response
status line - and now implemented by ResponseHeader())
bugfix; LoggingDo() sys$flush(&RAB) not (&FAB)
bugfix; LoggingDo() initialise (zero) &DummyRequest
bugfix; ProxyMaintInit() use v10orPrev10() for scan (per JPP)
bugfix; ProxyTunnelReadAst() data count tx (per JPP)
bugfix; ConfigAcceptClientHostName() reject
29-NOV-2009 MGD v10.0.0,
WebDAV 1,2
AuthAcmeVerifyUser() requires SECURITY privilege to
allow ACME$M_NOAUTHORIZATION for authentication-only
when using WASD_NIL_ACCESS identifier
AuthAcmeVerifyUser() and AuthVmsGetUai() can now use
[AuthSYSUAFlogonType] and/or an optional authorization rule
parameter 'param="logon=.."' to specify the login type
(default is still NETWORK)
AuthRestrictAny() uses a single set of access restrictions
ACME DOI name of '*' indicates use the default of
ACME$LATEST_ENABLED_AGENT_LIST rather than specified DOI
(authentication realm set to the DOI authentication realm)
allow for []-delimited IPv6 addresses as service names
concurrently support v10 and pre-v10 logical names
(use WASD_.. rather than HTTPD$.. and HT_.. logical names)
move WASD process naming schema from "HTTPd:" to "WASD:"
(implies the automatic creation of new rights identifiers)
use STR_DSC and associated StrDsc..() functions
to refine and simplify formatted and buffered output
OdsNameOfDirectoryFile() no longer mandatory that a
directory file actually exists to generate the name
MapUrl_Map()/__Map() now have a REQUEST_PATHSET parameter
(to better decouple file-system mapping and path SETing)
refine loading and mapping of path SETings
add HTTP status filter to WATCH
DclSysOutputAst() if WATCHing DCL and non-CGI-compliant
response continue to end-of-script bit-bucketing output
(DECNET.C code already provides this behaviour)
User-defined log format now includes 'CP' client port
RequestRedirect() allow a redirect to include its own query
string and then concatenate any request query with '&'..
CgiVariable() optimise single-quotation escaping (JPP)
GzipShouldDeflate() do not compress Shockwave Flash
increase minimum size before compression to 1400 bytes
HttpdExit() add explicit traceback for AXP and IA64 (per JPP)
WATCH script item
(interesting and useful suggestion from Jean-Pierre Petit)
callout WATCH:string (see DCL.C)
CGI variable WATCH_SCRIPT indicates when script WATCHing
SET css=<URL>
SET put=max=<kbytes>
SET put=rfm=[FIX512|STMLF]
SET script=agent=as=<account>
SET webdav=... (multiple WebDAV related settings)
[AuthSYSUAFlogonType] specifies NETWORK, DIALUP, etc.
[BufferSizeNetFile] global configuration directive
[BufferSizeNetMTU] global configuration directive
[HttpTrace] global configuration directive
[PutBinaryRFM] global configuration directive
[ServiceLogFormat] a per-service user-defined log format
[ServiceShareSSH] share with (allow proxy to) SSH
[WebDAV...] global configuration directives
"webdav:" conditional
logical name WASD_NO_SYSUAF_ACME disables SYSUAF via ACME
logical name WASD_NO_ACME disables ACME altogether
can't believe it but some PHP script paths are
exceeding a SCRIPT_NAME_SIZE of 128 - bump to 256!
ServiceConfigAdd() use INADDR_ANY if host name lookup fails
NetCreateService() use primary if service IP addr reset
activity report has some major changes (see version log)
AuthorizeResponse() allow agent reason for 403
bugfix; NetWriteStrDsc() flush all full descriptors
bugfix; NetWriteGzip() ensure buffer size <= 65535
bugfix; MapUrl__Map() to URL use request ODS not path ODS
bugfix; ServiceConfigFromString() create and use
temporary service structure when generating report
bugfix; FileAcpInfoAst() and CacheAcpInfoAst()
byte-range limit negative offset
bugfix; OdsNamBlockAst() deliver AST with 'AstParam'
(requiring parameter changes to *lots* of AST functions
called by use of OdsParse() and OdsSearch() - bugga!)
bugfix; AuthVmsChangePassword() ensure that
rqAuth.SysUafDataPtr is populated
bugfix; MapUrl__Map() proxy 'fall-thru'
bugfix; ProxyResponseRebuild() proxy->client compression
chunk only for HTTP/1.1 responses and connection
persistence header fields reflect non-chunked GZIP stream
bugfix; HttpdSupervisor() no-progress use ->BytesRaw..
bugfix; ErrorNoticed() use of 'rqptr' (from 16-NOV-2007)
bugfix; NetRead() redact into DataPtr *not* into
rqNet.ReadBufferPtr (which works until subsequent read :-)
bugfix; DclUpdateScriptNameCache() undo bug from fix of
non-existant problem from 12-APR-2008 (talk about it!)
bugfix; DclUpdateScriptNameCache() copy determined
script invocation method ("@","$","=", etc.) into cache
15-MAR-2008 MGD v9.3.0,
RequestReport() per-current, per-connection,
per-throttle and per-history
CgiGenerateVariables() suppress SCRIPT_NAME if it is an
empty script name ("/")
RequestGblSecUpdate() include remote user and realm in
request monitor data
callout REDACT: and REDACT-SIZE:
support for request redaction (see DCL.C)
NetRead(), RequestRedact(), RequestEnd() redact support
callout NOTICED: (and auth agent NOTICED)
callout OPCOM: (and auth agent OPCOM)
auth agent callout SCRIPT-META
DirBegin() only use query string if it begins "httpd=index&"
RequestExecutePostCache() check again for RequestHomePage()
before final RequestFile()
[ServiceProxyAuth] CHAIN
AUTH_PATH variable for authentication agents
AuthConfigLoadCallBack() do not lower-case path
ProxyRequestRebuild() allow "Proxy-Authorization:" header
only if configured for CHAIN proxy authentication
[SocketSizeRcvBuf] and [SocketSizeSndBuf]
HTADMIN and AUTHHTA modules allow for CONNECT method
ProxyTunnel..() provide for SSL client connections
Server Activity graphing slash-delimitted 'max-requests'
that scales the Y axis allowing finer detail display
authorization realm agent can now be '=agent+opaque'
to suppress the automatic username/password challenge
accounting per-request GZIP compress percentage
RequestRedirect() include response cookie(s)
force ACME on VMS V7.3 and later
[AuthSYSUAFuseACME] obsolete
bugfix; GraphActivityPlotBegin() X axis scaling for
non-integral factors
bugfix; GraphActivityReport() uninitialised 'cptr' before
use in processing '"form"-based query string'
bugfix; AdminMenu() JavaScript doIt() call
bugfix; RequestGet() buggy browser kludge (per JPP)
bugfix; CONNECT proxy authorization
bugfix; AuthCacheGblSecInit() (per JPP)
bugfix; ProxyVerifyGblSecInit() (per JPP)
bugfix; SesolaCacheGblSecInit() (per JPP)
19-MAY-2007 MGD v9.2.1,
RequestGet() now handles extraneous <CR><LF> which
buggy browsers can incorrectly insert after the body
of a valid request (See RFC 2616 section 4.1)
ProxyRequestBegin() restrict HTTP methods for FTP scheme
ProxyFtpLifeCycle() process HEAD as for GET
ProxyResponseRebuild() make request HTTP version a
consideration before chunking proxy->client (with JPP)
RequestExecutePostAuth1() kludge to allow 'implied' scripts
CgiGenerateVariables() provide TRACK_ID if present (for JPP)
bugfix; DclBegin() agent runs under default account
bugfix; MapUrl_Map() auth agent modifying path SETings
bugfix; DirFormatAcpInfoAst() 'S' (size) processing for
block totals at the end of a listing
bugfix; agent mappings using VMS-USER: not being cached
bugfix; GzipDeflateCache() allow for cached CGI header
bugfix; CacheNext() don't adjust GZIP content for CGI header
bugfix; ConfigLoadCallback() post-process sanity checking
for 'NetConcurrentMax' and 'NetConcurrentProcessMax'
bugfix; BodyReadBegin() 413 set status before declaring AST
bugfix; ProxyRequestRebuild() proxy verify
"Authorization:" request header field carriage-control
bugfix; ProxyNetConnectPersist() rejects all further
requests once ProxyConnectPersistMax has been hit
04-NOV-2006 MGD v9.2.0,
significantly enhance WATCH filtering
added REG_NEWLINE to REGEX_C_FLAGS so that anchors match
newlines in strings to support 'Request' filter in WATCH
access logging now supports an HOURLY period
remove file name length constraint for access logs created
on an ODS-5 volume (allows full host name components, etc.)
ProxyTunnelChainConnect() and ProxyTunnelChainConnectAst()
to implement raw tunnelling through an intermediate proxy
maintenance; there seem to have been some changes in the
underlying TCP/IP Services handling of shared sockets
so NetAcceptAst() set socket share on client and ...
NetClientSocketCcl() to control BG device carriage-control
(to parallel the APACHE$SET_CCL.EXE functionality)
DclCalloutDefault() add GATEWAY-CCL: callout to allow
BG device carriage-control from running script
RequestHttpStatusCode() provides more fine-grained HTTP
response status code accounting (mainly for WOTSUP)
DirFormat() and DirFormatSize() allow in-line layouts to
specify size with VMS format listings, as well as
adding size specification of 'V' (VMS-ish, in blocks)
use PercentOf() and QuadPercentOf() for more accurate and
more consistent percentages
AdminMenu() status panel (time, connect, request) mods
AdminMenu() instance [active][standby] functionality
(service item) network connection [Purge][All]
activity graph; add request peak data
('network connections' has been masquerading as this)
(also see 'CRAZY' note in GraphActivityReport())
for authorization add '+=' to realm default syntax for
realm default to be concatenated to any path access
/DO=INSTANCE=ACTIVE|STANDBY
/DO=NET=PURGE[=ALL]|SUSPEND[=NOW]|RESUME
NetPassive() and NetActive() to allow non-supervisor
instances to be made quiescent
NetSuspend() and NetResume() to allow halt and resume
request processing
NetPurge() to remove network connections
increase AUTH_MAX_PATH_PARAM_LENGTH from 127 to 255
(initially prompted by development of AUTHAGENT_LDAP)
add 'ConnectSuspend', 'InstancePassive', 'LastExitTime64',
'LastExitPid' and 'ResponseStatusCodeCount[]' to global
section
bugfix; LoggingDo() changes for daily period test
to support hourly logging (thanks again JPP)
bugfix; SsiEnd() propagate included document user variables
back into parent document to ensure they remain *global*
bugfix; GzipShouldDefault() uninitialized 'cptr' when no
content-type would cause WatchThis() "!AZ" to barf if
'cptr' was non-NULL but pointed into an invalid page
bugfix; NetAcceptProcess() and NetDirectResponse()
should issue 503 for 'too busy', not 502
bugfix; StringMatchAndRegex() regular expression
'MatchType' detection prior to pre-match
bugfix; ThrottleReport() column alignment of 'busy' and
'total' percentages in second row of per-path statistics
bugfix; NetAccept(), NetAcceptAst(), NetAcceptProcess()
nasty problem where multihomed servers 'svptr' confusion
(due to the multihome pointer manipulation) could result
in an attempted re-queue of an accept on a service that
did not correspond to the original accept AST delivery
with the result that no accept ended up being queued
bugfix; ResponseHeader() and NetWrite() accomodate 304
bugfix; RequestGet() timestamp the event immediately
bugfix; AuthConfigLine() propagate 'RealmCanString' by
making it static storage (doh)
bugfix; MenuFileDescription() status from OdsParse()
bugfix; StmLfLog() -E- to -I- for non-status-value call
11-MAY-2006 MGD v9.1.4,
'Proxy affinity' courtesy of Jean-Pierre Petit (esme.fr)
(see PROXY.C for an explanation of what all this means)
enabled per-service using [ServiceProxyAffinity] or
per-path using SET PROXY=[NO]AFFINITY
SesolaCacheInit(), in conjunction with AuthConfigInit()
noting the presence of any X509 realm, automatically
adjusts multi-instance, SSL session cache record size
to accomodate potential client certificate
SesolaInit() added ICACHE=SIZE= and SSL=ICACHE=RECORD= to
allow manual configuration of instance SSL session cache
RequestRedirect() "//:port/path" (i.e. begins with "//:")
allows a redirect to a different port on the same host
increase MapUrl__Map() WildBuffer[] storage to 4096
increase HOST_STORAGE from 236 to 1004 as an interim
workaround for SS$_ENDOFFILE when storage insufficient
(jpp@esme.fr) - why doesn't it return SS$_RESULTOVF?!!
SesolaCacheInit() if boolean 'AuthRealmX509' indicates X509
realm is in use then use a larger session cache record
potential bugfix; CgiOutput() CGI_OUTPUT_MODE_CRLF output
count should be checked for zero before negative index
potential bugfix; when URL-encoded decoding use unsigned
char to prevent sign bit issues with the likes of %FC
bugfix; non-SSL SesolaCacheInit() should return not bugcheck!
bugfix; SSL_shutdown() problem reported by JPP
introduce SesolaNetReadAst() and SesolaNetWriteAst()
to defer reset of AST function address used to indicate
AST-in-progress in other parts of the code
bugfix; CgiOutput() empty 'record' in stream mode should be
ignored and not have carriage-control adjusted (JFP)
bugfix; 'RQ' include method (equivalent of Apache "%r")
bugfix; 'EM', 'ES' and 'UE' arithmetic ('doh'!?)
bugfix; DECnetWriteRequestBody() suppress empty record on
end-of-body for OSU (call DECnetWriteRequestBodyAst())
to prevent it interfering with <DNETREUSE> functionality
bugfix; HttpdTimerSet() TIMER_PERSISTENT (jpp@esme.fr)
bugfix; RequestFields() allow for header lines with no
white-space between field name and value (jpp@esme.fr)
24-NOV-2005 MGD v9.1.3,
authorization OPAQUE realm to allow a script to completely
generate it's own authentication challenge and processing
bugfix; MapUrl__Map() SCRIPT result copy not checking
for null resulting in occasional overflow error status
bugfix; FileNextBlocks() ensure VARiable record format
files have records read on word (even byte) boundaries
bugfix; AuthConfigProxyMap() set cache record SYSUAF
authentication boolean in tandem with request boolean
bugfix; DclSysCommandAst() allow for the queued
post-CGIplus script STOP/ID=0 and EOF
bugfix; copy sentinals into request storage to prevent
them (potentially) being overwritten by an early call
to DclScriptProcessCompletionAST()
bugfix; ResponseHeader() ensure a charset= supplied with
a text content-type (e.g. from a CGI script) is used
15-SEP-2005 MGD v9.1.2,
metacon "server-protocol:" as "1.1", "1.0", "0.9"
SET proxy=reverse=[no]auth (jpp@esme.fr)
AuthAcmeVerifyUser() remote IP address to refine intrusion
data and reduce possibility of DOS attack on usernames
support multiple IP addresses in host cache (jpp@esme.fr)
support proxy to origin server failover (jpp@esme.fr)
[ProxyConnectTimeoutSeconds] configures period proxy to
origin server connection is attempted (1-60 seconds)
add selected request data to ErrorNoticed() report
/DO=ZERO=NOTICED to reset 'errors noticed' accounting
refine OPTIONS ResponseOptions() to provide "Allow:"
bugfix; raw proxy tunnelling requires a contrived connect
request in NetRead() to initiate an AST to RequestGet()
bugfix; AuthAcmeVerifyUser() ACME$_LOGON_TYPE requires
IMPERSONATE (DETACH) privilege for VMS V7.3-1 and earlier
bugfix; DECnetOsuDialog() allow CgiOutput() error responses
bugfix; initialize TcpIpHostCacheExpireSeconds (jpp@esme.fr)
10-JUL-2005 MGD v9.1.1,
[[?]] and service:? to match unknown virtual service
OpenSSL v0.9.8 changed macro name EVP_F_EVP_DECRYPTFINAL
bugfix; adjust CacheMemoryInUse/CachePermMemoryInUse
bugfix; GzipDeflateCache() ambit buffer size calculation
too small for small content lengths (just allow heaps!)
26-JUN-2005 MGD v9.1.0,
SET throttle=<integer>/<integer> per-user throttle
SET script=symbol=[no]truncate
allow for VMS V8.2 64 byte lksb$b_valblk
/DO=DCL=[PURGE|DELETE]=[USER|SCRIPT|FILE]=<string>
script processes by username, script name, or file name
/DO=NOTE=<string> to provide admin mapping notes
/DO=THROTTLE=[TERMINATE|RELEASE]=[USER|SCRIPT]=<string>
throttled requests by username or script name
AdminMenu() [/DO=] button/field and supporting functionality
caching of GZIP compressed content
proxy cache GZIP compressed content
revised multihoming so that the client specified IP address
of a accept()ed connection is used to identify the service
(this allows easier isolation of SSL certificates, etc.)
metacon 'instance:' to allow testing of WASD instances
metacon 'multihome:' to allow detection of mismatched
multihomed IP addresses and services
metacon 'note:' to allow testing of admin conditional notes
metacon 'robin:' to allow round-robin distribution
CGI variable SERVER_MULTIHOME present when above true
provide PWDMIX mixed-case plus printable char passwords
in AuthVmsVerifyPassword() and AuthVmsChangePassword()
CgiVariable() allow path mapping script=symbol=truncate to
truncate a CLI symbol within the limit of the current VMS
version capacity, noting this in SERVER_TRUNCATE variable
SesolaInitService() no longer needs to clone
modify VM statistics to a max of 1024 pages and granularity
of 8 (GZIP significantly increased memory requirements)
DclTaskRunDown() proactively handle task after SS$_NONEXPR
ProxyMaintSupervisor() return if caching not enabled
IA64 TcpIpSetAgentInfo() Multinet uses UCX$IPC_SHR
in the image header (TCP/IP Services' TCPIP$IPC_SHR)
AuthVmsVerifyUser() WATCH which flag causes failure
allow client-side GZIPing of non-GZIPed proxied responses
(courtesy Jean-Pierre Petit at jpp@esme.fr)
allow config files to be a logical search list
(initially to support multiple language HTTPD$MSG files)
relax configured file type check if path SETing
script=command=<..> provides a full activation command
HTTPD$VERIFY can now specify a REMOTE_ADDR IP address
allow report path to exclude using negative codes
SSI <!--#echo header="<string>" --> to response header
SSI <!--#modified expires="0" --> to pre-expire
make EXQUOTA (particularly ASTLM) a little more obvious
bugfix; remove mutex around spurious wake counter
bugfix; MetaConLoad() allocate structure before non-filename
return! (revealed by Alex Daniels with no HTTPD$SERVICE)
bugfix; prevent expired SYSUAF password from being cached
bugfix; ProxyEnd(rqptr) should be ProxyEnd(ktptr) in
ProxyNetHostConnectAst() (jpp@esme.fr)
bugfix; FileResponseHeader() if none-match entity and
IfModifiedSince() logic
bugfix; GzipDeflateCache() ambit buffer size caclulation
(captr->ContentLength >> 9) now (.. >> 7) (jpp@esme.fr)
bugfix; MapOdsUrlToOds2Vms() DECnet access string should
be able to support the space required for password
bugfix; HTTP_METHOD_.. constants needs to be a bitmap!
bugfix; the Ben Burke collection :-)
bugfix; SesolaNetClientShutdown() remove SSL_shutdown()
(revealed by https: tunnelling shutdown)
bugfix; keyword search exclusion on configured file type
04-FEB-2005 MGD v9.0.2,
SET script=control=<...>
[GzipFlushSeconds] controls GZIPed response flush interval
NetWriteGzip() abandon using argument counts to determine
AST usage or direct call, use NetWriteGzipAst() instead
RequestParseAndExecute() and ProxyRequestBegin() remove
explicit disable of POST & PUT connection persistence
CgiOutput() if "Location:" is supplied but no HTTP
status turn it into a 302 (see also ResponseHeader())
ResponseHeader() include 'rqResponse.LocationPtr'
GzipShouldDeflate() disable PDF deflation by default
bugfix; aarghh! NetWriteGzip()/NetWriteGzipAst()
bugfix; ServiceConfigAdd(), NetHostNameLookup() status check
bugfix; ProxyReadResponseAst() if required, chunking needs
to be performed after header as well as body processing
bugfix; NetWriteChunked() ensure an empty body is
terminated with a chunk of zero
bugfix; NetWrite() distinguish between "empty" data and
end-of-stream (inducing occasional ZLIB buffer errors)
bugfix; AuthorizeRealm() check for login cookie before
revalidating new cache record credentials (jpp@esme.fr)
22-DEC-2004 MGD v9.0.1,
introduce chunked responses where content-length is
unknown to enhance connection persistence behaviour
SET response=[no]chunked
CGI Script-Control: X-transfer-encoding-chunked[=0|1]
in Sesola_read() and Sesola_write() remove
BIO_set_retry_..() and BIO_clear_retry_..(),
bugfix; NetWriteGzip() AST no remaining data length
bugfix; Sesola_read_ast() and Sesola_write_ast()
zero I/O status block count on error status
bugfix; MapOdsVmsToUnix() empty if empty
01-DEC-2004 MGD v9.0.0,
HTTP/1.1 compliance
persistent connections over SSL
persistent proxy connections
proxy tunnelling
significant changes to proxy cache file processing
GZIP transfer-encoding (reponse and request)
allow ResponseHiss() kBytes
allow throttling with zero requests being processed
metacon 'request-method:?' tests for HTTP extension method
metacon refined directive and request header field processing
request redirect, CGI variable and proxy request field
processing refined
SET report=tunnel
SET response=gzip=<...>
SET script=body=[no]decode
SET script=syntax=[no]unix
[ConnectMax] (supercedes [Busy]) max concurrent connections
[EntityTag] enables the generation of file "ETag:",
[GzipAccept] accept gzip encoded request bodies
[GzipResponse] level[,memory,window] gzip encoded responses
[LogWriteFail503] service unavailable 503 response when
access log write fails
[PipelineRequests] enables pipeline processing
[ProcessMax] max concurrent requests being processed
[ProxyCacheNegativeSeconds] for non-success responses
[ProxyConnectPersistMax] and [ProxyConnectPersistSeconds]
for controlling proxy->server connection persistence
[ServiceProxyTunnel] connect | firewall | raw
[ServiceClientSSLcert] and others allow outgoing SSL config
[TimeoutPersistent] supercedes [TimeoutKeepAlive]
CGI Script-Control: X-content-encoding-gzip[=0|1]
bugfix; FileVariableRecord() memset only if positive
bugfix; (authorization) agents should not begin to read
a POSTed request body (Jean-Pierre Petit, jpp@esme.fr))
bugfix; CgiOutputFile() missing sizeof(FILE_CONTENT)
when VmReallocHeap() increasing buffer space
bugfix; AuthReadSimpleList() group member password check
02-OCT-2004 MGD v8.5.3,
revalidation periods and '?httpd=logout&goto=...'
change from self-relative to absolute links in "Index of"
anchor generation (broke usage in some SSI documents)
bugfix; MetaconClientConcurrent() if IP address not the same!
bugfix; auth=revalidate= is minutes not seconds
bugfix; even number of bytes on a disk $QIO READVBLK
bugfix; HttpTimerSet() after mapping in case of SET timeout
bugfix; ServiceFindVirtual() port string comparison
31-JUL-2004 MGD v8.5.2,
bugfix; StringMatchAndRegex() SMATCH__GREEDY_REGEX
bugfix; (potential anyway) PutWriteFileClose()/PutEnd()
bugfix; TcpIpNetMask() result in AuthRestrictList()
bugfix; ProxyFtpPasvData() if PASV response address
is 0.0.0.0 then use connect address
30-JUN-2004 MGD v8.5.1,
bugfix; HttpdExit() INHIB_MSG test
07-JUN-2004 MGD v8.5.0,
IPv6 (concurrent with IPv4) support
ACME authentication (realm)
[AuthSysUafUseACME] config directive
config directives [DNSLookupClient] (formerly [DNSLookup]),
[DNSLookupLifeTime] and [DNSLookupRetry]
config directive [ProxyHostCachePurgeHours] obsolete
SYSUAF user verification now checks pre-expired passwords
changes to eliminate RMS from file access and proxy cache
(WASD's doing all the content conversion work anyway!)
by using ACP/QIOs and massaging record content explicitly
(outgrowth of returns from 8.4.3 changes in this area)
on-disk structure for each PASS result (ODS-2 or ODS-5)
is applied to a path unless otherwise SET with ODS=
bugfix; file cache pointer initialization before
first call to CacheNext()
bugfix; agent script should have non-strict-CGI ignored
(stupid problem introduced with script output caching)
04-MAR-2004 MGD v8.4.3,
read variable record format files using block IO and then
explicitly process those records to produce a stream-LF
block of data in their place!
(provides in excess of 400% throughput boost!!! :^)
set script process default directory before activation
set script process parse extended/traditional if path ODS set
CGI 'Script-Control: X-content-handler=SSI' field
absorb CGI/NPH header during script CGI processing
SET ssi=exec=<string>
script=default=<directory>
SSI can now be enabled on a per-path basis using 'ssi=exec=#'
SSI #exec (#dcl) directives can be allowed on per-path basis
using SET ssi=exec=<string> (e.g. 'ssi=exec=say,show')
'delete-on-close' file specification extended
SSI <!--#dcl script="/cgi-bin/blah" -->
metacon add server_process_gt:, change to client_connect_gt:
and server_connect_gt: to better reflect functionality
service access log report (last 65kB of an access log)
add connect processing and keep-alive accounting items
DECC 6.2 objected to '$DESCRIPTOR(name,ptr->string)'
bugfix; rare RECTOOBIG on variable record length file where
longest record exceeded 'OutputBufferSize' so initialize
buffer to maximum of 'OutputBufferSize' or file lrl
bugfix; RequestExecute() re-set error by redirect
bugfix; ErrorGeneral() always get module name and number
bugfix; DclAllocateTask() CGIplus with virtual services
bugfix; ProxyFtpListProcessUnix() maximum fields handling
08-JAN-2004 MGD v8.4.1,
SET response=header=[no]add[="<string>"]
04-JAN-2004 MGD v8.4.0,
compilation and run-time support for IA64
for VMS 7.3-2 and later take advantage of the larger
EDCL CLI line (255->4095) and symbol (1024->8192) sizes
'config directory' located authorization databases
authorization path keyword 'final' to conclude further
rule mapping at that point (as if none matched)
rule mapping "set map=root=<path>" allows a set of rules
to be rooted to a particular path (CGI document-root)
support "Range: bytes=<range>[,<range>..]" request field
for non-VAR-record files and cached files
provide network mode operation (server and scripts)
revise detached process cleanup candidate identification
(now requires CMKRNL privilege to use $GRANTID service)
modify DCL.C script activation code (allow qualifiers
and/or parameters to be supplied from path setting)
extensive rework of cache module to allow non-file content
(e.g. script) output to be cached
[CacheGuardPeriod] <hh:mm:ss> configuration directive
optional HTTPD$MSG [language] 'charset=<string>' parameter
HTA database now "read [record] regardless of lock"
SET cache=[no]cgi, cache=expires=<period>, cache=[no]file,
cache=[no]net, cache=maxkbytes=<int>, cache=[no]nph,
cache=[no]script, cache=[no]ssi,
map=root=<string>,
map=set=[no]ignore, map=set=[no]request,
proxy=reverse=location=<string>, proxy=reverse=verify,
response=header=[append|full|none],
script=command=<string>
reverse-proxy 302 "Location: ..." response can have the
location URL rewritten to reflect the original host
reverse-proxy can be locally authorized and then have
that verified by the proxied-to server (UMA)
metacon "document-root:" ('DR') reflects "set map=root="
add "client_current_gt:" and "server_current_gt:"
/PERSONA=IDENT=<name> is now available for PERSONA_MACRO
mapping now URL-encodes a redirect wildcard path portions
rework some report item format and content
check Digest authentication against Mozilla 1.4
only check SYSUAF secondary password expiry date/time
if the secondary password hash is not empty
bugfix; error report by redirect, set after virtual host
bugfix; GraphActivityPlotBegin() and GraphActivityDataScan()
signed/unsigned issue masking out request value
bugfix; chained proxy CONNECT processing
bugfix; keep track of outstanding body reads
bugfix; according to the doco "Index of"s from SSI should
not be delimited top or bottom (up to SSI to caption it!)
bugfix; DclScriptProcessPurge()
12-OCT-2003 MGD v8.3.2,
bugfix; DECnet allow for outstanding network writes
bugfix; "internal" script detection
bugfix; MetaConLoad() [IncludeFile]
bugfix; ProxyRequestRebuild() rebuild buffer space
bugfix; suppress output after "Script-Control: x-error..."
bugfix; keyword search exclude file type
bugfix; notepad needs to be explicitly NULLed
bugfix; MAP-FILE: stripping leading character
bugfix; DECnet allow for outstanding body reads
15-AUG-2003 MGD v8.3.1,
allow the database directory location to be specified using
authorization rule 'param="/directory=device:[directory]"'
allow for and keep track of $HIBER spurious wakes
massage SYSUAF-authenticated remote username to comply
with VMS requirements
suppress digest auth challenge except for HTA and external
where CDATA constraints make using entity impossible
use a field name of hidden$lf and ^ substituted
with the BODY.C module doing some sleight-of-hand with it
(modern browsers like Mozilla were having issues)
BODY_DISCARD_CHUNK_COUNT made *very* large
bugfix; ServiceConfigReviseNow() form element names must be
unique (technically correct, enforced by modern browsers)
bugfix; AuthCacheAddRecord()
bugfix; check for NULL pointer 'cnptr->ReuseConnection'
bugfix; DECnetCgiDialog() not strict wait for EOF sentinal
bugfix; do not allow SET mapping during a callout
bugfix; use _BBCCI() to clear the mutex in InstanceExit()!!
bugfix; SesolaCacheAddRecord() oldest tick second
28-JUN-2003 MGD v8.3.0,
regular expression support
[AuthFailurePeriod], [AuthFailureTimeout],
[ProxyUnknownRequestFields], [RegEx] directives
SET cache=[no]perm, cache=max=<integer>
SET notepad= and if (notepad:<string>)
metacon "notepad:", "regex:", "request:" ('RQ'), "restart:"
[Match] Server Admin item, report, and WATCH item
file cache support for permanent and volatile entries
improve efficiency RequestRedirect() & ProxyRequestRebuild()
store and provide unrecognised request header fields
rework break-in detection and processing
(configuration defaults to LGI sysgen parameters and now
operates in the same way as described for general VMS)
/SYSUAF=(VMS,ID) allows concurrent VMS and ID authorization
add proxy cache device error count statistics
home pages may now be [Welcome]+[DclScriptRunTime] specified
(i.e. provided via scripting environments such as PHP)
request heap statistics and VmRequestTune()
bugfix; add HTTP protocol to combined/common format URL
bugfix; request body to be read needs to be the smaller of
remaining body or buffer size (jpp@esme.fr)
bugfix; InstanceMutex..() use _BBCCI() to clear the mutex
bugfix; FILE.C FileSetCharset() following CacheSearch()
moved to CACHE.C module (ACCVIO if entry NULLed)
bugfix; ProxyMaintDeviceStats() volume count (set) handling
bugfix; ServiceConfigFromString() (jpp@esme.fr)
bugfix; DirFormatLayout() static flags (jpp@esme.fr)
bugfix; request SET Html.. memory allocation (jpp@esme.fr)
bugfix; MetaConParse() decrement index (back) when
not currently executing an if()inline directive
bugfix; (and refine) DECnetSupervisor()
bugfix; DclSysOutputAst() do not rundown script process
if the error generated came from "Script-Control:"
bugfix; CGI(plus) allow for '!' from (!$blah) mapping rule
09-APR-2003 MGD v8.2.0,
some minor logging format changes for server entries
wildcard and comma-separated list of languages
can be specified (e.g. "[Language] es-ES,es,es-*")
[ProxyForwarded] supercedes [ProxyAddForwardedBy] with
proxy=forwarded[=...] mapping rule
[ProxyXForwardedFor] configuration directive with
proxy=xforwardedfor[=...] mapping rule to support
proxy generation of "X-Forwarded-For:" header field
authentication agent '100 REASON any text'
script=as=$? to indicate optional use of SYSUAF username
SET dir=style[=default|original|anchor|htdir],
SET html=[bodytag|header|headertag|footer|footertag]=[..]
and incorporation in "Index of", selected other facilities
SET cgiplusin=[none|cr|lf|crlf], SET cgiplusin=eof,
SET script=query=none, SET script=path=find,
SET [no]search=none
disable 'NetMultiHomedHost' (should not be required
for modern virtual service processing)
script=params=+(name=value) concatenates to any existing
HTAdminPasswordChange() check for VMS group write
processes created using HttpdDetachServerProcess() now have
a YYYYMMDDHHMMSS timestamp as part of the process log name
with RTEs look first for one that was executing the same
script, then if not found fall back to (any) LRU RTE
SYSUAF security profile via rule and /PROFILE=BYRULE
script as SYSUAF username can be requested with auth rule
allow [[service]] to include the [[scheme://service]]
relax ServiceParse() so that [[the.host.name]] is accepted
enable SYSPRV in HTAdminDatabaseSearch()
relax initial CGI response line checking
build 'records' from script single byte output streams
general (non-RTE) run-time allowed with (!..) syntax
both run-time specifications allowed with SCRIPT rule
added GATEWAY_EOF/EOT/ESC CGI variables
sentinals changed to have only RMS-compliant characters
supply more detail from "%DCL-E-OPENIN, blah" responses
SesolaParseCertDn() record /email and /emailAddress
bugfix; Alpha VMS V7.1 or earlier sys$persona_assume()
needs to be used in the same way as for VAX
bugfix; RequestRedirect() append remain CGI response header
bugfix; body provision for script processing restart
bugfix; proxy FTP ResponseHeader() content-length of zero
bugfix; StringParseQuery() loop on string overflow
bugfix; HTAdminPasswordChange() cache reset realm
bugfix; error recovery in Sesola_read() and Sesola_write()
bugfix; DECnetFindCgiScript() foreign verb creation
10-JAN-2003 MGD v8.1.1,
SET script=query=relaxed
AuthVmsLoadIdentifiers() more flexible
bugfix; ControlEnqueueCommand() occasional race condition
07-DEC-2002 MGD v8.1.0,
SET auth=all (path must be subject to authorization or fail)
CGI 'Control-Script:' X-error-... fields
add 'mp' mapping and 'mapped-path:' metacon conditionals
add 'rc' mapping and 'redirected:' metacon conditionals
add 'st' mapping and 'script-name:' metacon conditionals
add "path-translated:" metacon conditional
skeleton-key authentication
refine mapping rule processing to ensure that paths with
forbidden syntax generate RMS bad syntax
check for device and directory (minimum) before parse
refine metacon reporting (reporting detected errors to OPCOM)
the server now detects the presence of HTTP$NOBODY
account and scripts using that
if the server is using HTTP$NOBODY or /script=as=
DECnet scripting now uses the same account
refine VMS security profile usage (no, just coincidence!)
to allow VMS profile authorized requests to override
directory listing controls (amongst other things)
server process log is now accessable via the Admin Menu
additional mapping functionality (SET query-string=)
no sneaky getting directory contents by downloading files!
CGI.C in non-strict CGI mode report anything like
"%DCL-E-OPENIN, blah" as a failed script activation
PUT.C allow for white-space in multipart file names
bugfix; in OdsNameOfDirectoryFile() use SYSPRV
around sys$parse() to ensure access to directory
bugfix; set path dir=access not ignored
25-SEP-2002 MGD v8.0.1
additional persona counters
/script=as= allows a NOBODY scripting environment
without enabling PERSONA in general
require account SYSPRV for certain command-line activities
implement /persona=[authorized|relaxed|relaxed=authorized]
to prevent inadvertant scripting using privileged accounts
HttpdDetachServerProcess() [STARTUP]STARTUP_SERVER.COM
MapOdsElementsToVms() excise parent directory syntax
only use MapUrl_VmsUserName() path ODS if not already set
SET report=4nn=nnn for mapping HTTP status
SET map=ellipsis now required to map VMS '...' wildcard
SET dir=charset= directory listing charset mapping rule
support 'script=as=' functionality, plus DECnet variants
NODE"$":: substitutes SYSUAF authenticated username into
access string (for proxy access to account) and
NODE"~":: substitutes '/~username/' username in same way
set path en/decoding for RSI (MultiNet NFS), PATHWORKS (v4),
Advanced Server (PATHWORKS v6) / Samba file naming schemas
(as well as for ODS-2 and ODS-5)
AuthVmsCheckUserAccess() traps SS$_NOCALLPRIV returning
SS$_NOPRIV to allow directory listings of DFS volumes
introduce fab$b_rfm and fab$b_rat as fields to allow
PUT.C to specifically set these attributes as required
refine SesolaReport() for obtaining service ciphers
(OpenSSLv0.9.6f/0.9.7-beta break it)
local redirection should have the path re-URL-encoded
FAO change function of "!&U" to "!&P", new "!&U"
enhance authentication and SSL global section creation
allow for 'pass /* 400' (i.e. no trailing message)
RFC1413 authorization with DNS lookup use host name to
construct remote user string
rework path alert notification for greater functionality
bugfix; make ServiceConfigLoad() file not found non fatal
bugfix; ConfigIconFor() terminate on content-type
bugfix; if <CR> restart MIME boundary matching algorithm
using that char (allow for <CR><LF><CR><LF>--..boundary)
bugfix; 'Xray' broken in v8, repaired and reworked
bugfix; always revalidate X509 and RFC1413
(for path authorization after script)
bugfix; 'script' and 'exec' MetaConParseReset() state
bugfix; set AuthCacheRecordSize from HTTPD$CONFIG value
bugfix; when discarding via BodyReadBegin() use BodyRead()
to queue a network read only if data is outstanding
bugfix; template/result wildcard checking for scripting rules
bugfix; do not count callout records for CGI header purposes
03-JUL-2002 MGD v8.0.0
"instance" capability (loosely coupled, multiple
socket/service-sharing servers on the one system)
meta-config (integrated config, mapping, service, auth),
provide "module WATCHing" for on-line, ad hoc debug
SET script=params=(name=value), proxy=bind=<address> and
proxy=chain=<host:port> mapping rules
asynchronous block processing of POST and PUT request body
some accomodations for Mozilla-HTTP/1.1 "Cache-Control:"
improve performance with EFN$C_ENF and use explicitly
allocated event flags for avoiding potential interactions
client host name lookup now asynchronous
FTP proxying processing
/DEMO demonstration mode
29-JUN-2002 MGD v7.2.3
some accomodations for Mozilla-HTTP/1.1 "Cache-Control:"
bugfix; [ProxyCacheNoReloadSeconds] parsing
bugfix; (well sort of) it would appear that after NO_CONCEAL
searching and a sys$open() must sys$close() *before* the
SYNCHCK sys$parse() release resources otherwise a channel
bugfix; ensure when OdsParse() is used successively with
the same ODS structure that previous resources are first
released (can present a problem unique to search lists)
to the device is left assigned!!
bugfix; ensure sys$search() RMS channel is released
bugfix; ProxyResolveHostCache() NULL 'rqptr'
bugfix; account/password expiry
bugfix; DclFindFileEnd() reset result file name
bugfix; SsiAccessesClose() now synchronous using SYSPRV
13-APR-2002 MGD v7.2.2
Authorize() allow /NO401 parameter to suppress server
challenge to allow external agent to response (e.g. PHP)
ProxyHostConnectAst() invalidate host cache entry
NetCreateService() checks previously bound address
MapOdsUrlToVms() eliminate chance of device:[.directory]
make a proxy reactive purge initially more agressive
keep-alive decision logic to RequestFields()
bugfix; ensure only one request revalidates a cache entry at
a time (multiple could cause eventual channel exhaustion)
bugfix; switch return not break with next reactive scan
bugfix; AuthConfigProxyMap() wildcard string results
bugfix; ODS-5 parent directories with multiple periods
bugfix; command-line proxy cache maintenance reporting
bugfix; FileNextRecordAst() VAR file into contents buffer
bugfix; MAPURL.C throttle report
bugfix; AuthCacheAddRecord() and host group without "host="
bugfix; reset SSL state to SSL_ST_OK if renegotiation fails
bugfix; DclTaskRunDown() reset script task type
bugfix; MsgFor() Accept-Lang: comparison
bugfix; NetAcceptAst() deassign channel when connect dropped
bugfix; wildcard substitution in MapUrl__Map()
bugfix; StringMatch() wildcard matching
bugfix; close log file for ALL services in LOGGING.C
bugfix; !&M formatting directive in PROXYCACHE.C
bugfix; /RELAXED should allow all but DISUSERed accounts
to authenticate regardless of RESTRICTED or CAPTIVE flags
03-NOV-2001 MGD v7.2.1
PERSONA.C using PERSONA.MAR can now provide persona scripting
for pre-VMS 6.2 VAX systems (CAUTION!! - UNSUPPORTED)
"TASK=CGI..", "0=CGI.." recognised as DECnet CGI dialog
FAB$M_TEF to deallocate unused log file space
StringMatch() replaces SearchTextString() for more
light-weight text matching (affects six modules)
[SsiSizeMax] and [ProxyCacheNoReloadSeconds]
FILE.C block I/O complete if _rsz is less than _usz
'ProxyCacheNoReloadSeconds' limits immediate (pragma) reload
ensure mapping conditional not mistaken for missing template
kludge work around spawning authorized privs with $CREPRC
bugfix; ensure only one request revalidates a cache entry at
a time (multiple could cause eventual channel exhaustion)
bugfix; close current log file if period changes
bugfix; DECnet user script mapping
bugfix; FileNextBlocksAst() 'ContentRemaining'
bugfix; wildcard substitution in MapUrl__Map()
bugfix; sys$close() in OdsLoadTextFile()
bugfix; always generate callout sequences
bugfix; a bugfix in VMS V7.2 has broken the previously
working usage of IO$_MODIFY in ProxyCacheSetLastAccessed()
bugfix; activity graphic
bugfix; check ParseQueryField() in WatchBegin() for NULL
bugfix; allow agent to provide 'CGIPLUS:' directive
bugfix; 'layout=U' upper-casing
01-JUL-2001 MGD v7.2.0
X.509 authentication and authorization
RFC1413 (identfication protocol) authorization
remote user to vms user (SYSUAF authorization) proxy mapping
proxy cache maintainence may now be done from the CLI
HTL list maintenance can now be done from the Admin Menu
a fatal authorization problem now disables authorization
"hh:mm:ss" allows for a more versatile period
concurrent processing controls (request "throttling")
improved script process run-down conditions and handling
HttpdTick() drives XxxSupervisor()s
control (/DO= and Admin menu) now via a global section
monitor (HTTPDMON) data now supplied via a global section
suppress CGI content-type "x-internal..."
[IncludeFile] for all configuration files
request supervisor refinements
.URL file processing
01-JUL-2001 MGD v7.1.2
add selective status codes to error report path
refine 'view' and 'list' redirection in UPD.C
refine logging RMS characteristics (500% improvement)
provide for ODS-5 "hidden" files ('^.')
check network status during SSL accept
EXEC of file type
remove http: check from SesolaAccept()
bugfix; parsing of [ServiceProxyChain]
bugfix; 'RU' conditional
bugfix; SCRIPT_FILENAME with CGIplus
bugfix; NetThisVirtualService() and call conditions
bugfix; SesolaFree() BioPtr
bugfix; AuthVmsCheckUserAccess() return SS$_NOPRIV
bugfix; ParseNetMask() and VSLM mask processing
bugfix; sys$create_user_profile() length size from word
(System Services Manual) to unsigned int (startlet.h)!
bugfix; authorization network masks
bugfix; directory specfication length (sys$check_access())
bugfix; HTAdminPasswordChange() call to FaoToOpcom()
bugfix; AuthGenerateHashPassword() force upper-case
bugfix; final status at write group/no read group check
18-JAN-2001 MGD v7.1.1
HTTPD$SCRATCH automatic script scratch file cleanup
authentication agent can now '100 SET-COOKIE rfc2109-cookie'
bugfix; memory leak in AUTH.C
bugfix; FILE.C make a search list DNF appear as a FNF
bugfix; /PROFILE empty directory passing incorrect parameter
bugfix; general error reporter variable arguments
bugfix; final authorization failure should specify 403
bugfix; ensure mapping rules exist for authentication agents
bugfix; control cache purge arguments
17-OCT-2000 MGD v7.1.0
sys$creprc() scripting
sys$persona...() scripting
Run Time Environments (RTEs)
server-group/cluster-wide directives (via DLM)
further refined CGI.C module output handling
apply authorization to SSI.C #include'd and #dir'e
client socket (BGnnnn:) potentially sharable for scripts
proxy cache device directory organization flat256/64x64
modify SSL initialization to better indicate "fallback"
integration of WATCH peek/one-shot
03-SEP-2000 MGD v7.0.2
limit script output of ENDOFFILE
if CGI response "Content-Encoding:" force stream mode
bugfix; ProxyResolveHostLookup() can be called multiple
during host name resolution - only allocate channel once!!
bugfix; include Accept-Encoding when redirecting
bugfix; ParseQueryField() string length check
09-JUL-2000 MGD v7.0.1
locking around proxy cache scans
add "success=" 303 processing to PUT.C file upload
improve CgiOutput() header processing (again!)
correct concealed/searchlist parsing
allow "302 location" redirection from authentication agent
bugfix; proxy CONNECT service
bugfix; HEAD requests specifying content-length
bugfix; WatchCliSettings() storage
01-JUN-2000 MGD v7.0.0
support extended file specifications
(ODS-5 under Alpha VMS V7.2ff)
event reporting via OPCOM
some "Apache" support for easing CGI script ports
access log file naming refinements
18-MAR-2000 MGD v6.1.3
bugfix; authconfig processing
06-JAN-2000 MGD v6.1.2
authorization failure limit evasion period
numerous warnings from DECC v6.2 addressed
bugfix; user restriction list pass (broken in 6.1)
17-DEC-1999 MGD v6.1.1
bugfix; quote double-up in CgiVariable() (INSVIRMEM exit)
04-DEC-1999 MGD v6.1.0
"agent" authentication/authorization
CGI(plus) processing provides callouts
SSI module now supports OSU-specific directives
/SYSPRV now allows operation with SYSPRV turned on
"one-shot" WATCH and "peek" reports
output no-progress timer
remove NETLIB support
16-OCT-1999 MGD v6.0.3
bugfix; sys$create_user_profile
bugfix; mapping storage overflow
USER mapping rule for SYSUAF access
12-SEP-1999 MGD v6.0.2
minor changes to authorization processing
bugfix; service parsing and SSL
virtual services now match using "Host:" field
19-JUN-1999 MGD v6.0.1
refinements to request termination/rundown
bugfix; DECnet (CGI and OSU) task handling
bugfix; proxy request HTTP/0.9 response processing
30-MAY-1999 MGD v6.0.0
proxy, with HTTP caching
OpenSSL 0.9.3 support (also SSLeay support)
extended authorization/authentication environment
31-MAR-1999 MGD v5.3.4
bugfix; SesolaReport(), HttpHeaderChallenge()
28-MAR-1999 MGD v5.3.3
SSI variables global (when "#include"ing other SSI)
SSI read buffer determined by 'FileXabFhc.xab$w_lrl'
05-FEB-1999 MGD v5.3.2
bugfix; FileNextRecord() zero '_usz'
10-JAN-1999 MGD v5.3.1
greater granularity when WATCHing authorization
bugfix; OSU scripting pass *mapped* file spec
14-NOV-1998 MGD v5.3.0
[[host:port]] virtual service syntax
[AddType] can now "text/html; charset=ISO-8859-1"
[CharsetDefault] sets text and server character set
improved AST granularity several significant modules
WATCH report and CLI
RMS-invalid substitution character in mapping rules
bugfix; NameOfDirectoryFile()
29-AUG-1998 MGD v5.2.0
reuse DECnet task connections
allow specified hosts exclusion from logging
stream-LF conversion only on specified paths
bugfix; SYS$TIMEZONE_DIFFERENTIAL processing
bugfix; DECnet tasks not aborted at timeout
07-JUL-1998 MGD v5.1.0
add eXtended Server Side Includes processing
design-problem; modify CGIplus script rundown
SYSUAF authentication by identifier
per-service logging
rqptr->rqTmr.Terminated (occasional lib$get_vm()
%LIB-F-BADLOADR around connection expiry termination)
20-DEC-1997 MGD v5.0.0
optional Secure Sockets Layer (using SSLeay)
DECnet-based scripting including OSU emulation
miscellaneous revisions and "improvements"
07-JAN-1997 MGD v4.5.2
bugfix; record-mode file transfer
bugfix; activity graph
06-DEC-1997 MGD v4.5.1
resolving a suspected inconsistent AST delivery situation
by requiring all $QIO()s with AST routines to ensure any
queueing errors etc. are reported via the AST routine by
an explicit $DCLAST() ... this removes ambiguity about how
$QIO() returns should be handled ... drastic but desperate
times, etc. (a more consistent and desirable model anyway :^)
02-NOV-1997 MGD v4.5.0
file cache
logging periods
HttpdSupervisor()
configurable script run-time environments
additional request header fields
18-OCT-1997 MGD v4.4.1
bugfix; duration
bugfix; logging period
01-OCT-1997 MGD v4.4.0
message module
conditional rule mapping
SYSUAF-authenticated user access control
multi-homed/multi-port services
(some NETLIB packages now cannot DNS lookup)
echo and Xray internal scripts
extensions to logging functionality
additional command-line server control
bugfix; redirection loop detection
01-AUG-1997 MGD v4.3.0
MadGoat NETLIB broadens TCP/IP package support
server activity report
16-JUL-1997 MGD v4.2.2
bugfix; WORLD realm and access list
07-JUL-1997 MGD v4.2.1
minimum heap allocation chunk size
prevent keep-alive timeout redefining request logical
01-JUL-1997 MGD v4.2.0
change name to WASD (Wide Area Surveillance Division)
persistent DCL subprocesses and CGIplus
(see re-written DCL.C module)
scripting and client reports
potential multi-thread problems in reports fixed
27-MAR-1997 MGD v4.1.0
rationalized HTTP response header generation
delete on close for "temporary" files to support
UPD module "preview" functionality ... WARNING, any
file with a name comprising a leading hyphen
sixteen digits and a trailing hyphen will be deleted!
01-FEB-1997 MGD v4.0.0
HTTPd version 4
01-OCT-1996 MGD v3.4.0
extended server reporting
01-AUG-1996 MGD v3.3.0
realm/path-based authorization
BASIC and DIGEST authentication
PUT(/POST/DELETE) module
StmLf module (variable to stream-LF file conversion)
12-APR-1996 MGD v3.2.0
file record/binary now determined by record format
persistent connections ("Keep-Alive" within HTTP/1.0)
moved RMS parse structures into thread data
improved local redirection detection
observed Multinet disconnection/zero-byte behaviour
(request now aborts if network read returns zero bytes)
15-FEB-1996 MGD v3.1.1
fixed rediculous :^( bug in 302 HTTP header
minor changes to request accounting and server report
minor changes for user directory support
minor changes to error reporting
03-JAN-1996 MGD v3.1.0
support for both DEC TCP/IP Services and TGV MultiNet
01-DEC-1995 MGD v3.0.0
single heap for each thread's dynamic memory management
extensive rework of DCL subprocess functionality
HTML pre-processsing module (aka Server Side Includes)
NCSA/CERN compliant image-mapping module
NetWriteBuffered() for improving network IO
miscellaneous reworks/rewrites
27-SEP-1995 MGD v2.3.0
carriage-control on non-header records from <CR><LF>
to single <LF> ('\n' ... newline), some browsers expect
only this (e.g. Netscape 1.n was spitting on X-bitmaps)
added Greenwich Mean Time time-stamp functionality
added 'Referer:', 'If-Modified-Since:', 'User-Agent:'
07-AUG-1995 MGD v2.2.2
optionally include commented VMS file specifications
in HTML documents and VMS-style directory listings
16-JUN-1995 MGD v2.2.1
added file type description to "Index of" (directory)
24-MAY-1995 MGD v2.2.0
minor changes to allow compilation on AXP platform
03-APR-1995 MGD v2.1.0
add SYSUAF authentication, POST method handling
20-DEC-1994 MGD v2.0.0
multi-threaded version
20-JUN-1994 MGD v1.0.0
single-threaded version
*/
/*****************************************************************************/
#ifndef VERSION_H_LOADED
#define VERSION_H_LOADED 1
/* five characters or less */
#define HTTPD_NAME "WASD"
#define HTTPD_SOFTWAREID_NAME "HTTPd-WASD"
/* keep HTTPD_GBLSEC_VERSION in step with this version (as necessary) */
#define HTTPD_VERSION "12.0.0"
/* used to name and to detect changes in global section data structures */
#define ACTIVITY_GBLSEC_VERSION_NUMBER 0x120000 /* i.e. 12.00.00 */
#define AUTH_GBLSEC_VERSION_NUMBER 0x120000
#define AUTH_TOKEN_GBLSEC_VERSION_NUMBER 0x120000
#define HTTPD_GBLSEC_VERSION_NUMBER 0x120000
#define SESOLA_GBLSEC_VERSION_NUMBER 0x120000
#define PROXYVERIFY_GBLSEC_VERSION_NUMBER 0x120000
/* used as part of the the "instance" lock names, allowed range 1..15 */
#define HTTPD_LOCK_VERSION 1
VersionInfo();
#endif /* VERSION_H_LOADED */
/*****************************************************************************/